The most commonly published analytic models of Internet worm behavior use differential equations that express mean field behavior; these equations have deterministic solution. Such models necessarily suppress the expression of stochastic variance in worm behavior. Variance in real worms' behavior have a variety of sources,most particularly that due to random scanning for susceptible hosts. Variance can be explained by a model that focuses on the times of next infection (TNI), which tells us that variance in infection times is due primarily to variance in inter-infection times early in the worm's life. This regime of worm behavior is particularly relevant to simulation-based studies of worm detection mechanisms. The main contributions of this paper are to validate the infection times of the TNI model with respect to a complex scan-oriented model based on Code Red structure, and to empirically evaluate the variance in intuitive and commonly used metrics for worm detection. Our experiments show that the variance is very very high, a result which strongly suggests that evaluation of worm defense mechanisms not overlook this variance as will occur when deterministic models of worm propagation are used.