[IP] Sony: >500,000 systems compromised? (fwd)
===== Forwarded message from Jonathan Corbet <corbet@xxxxxxxxxxxxxxxx> =====
From: Jonathan Corbet <corbet@xxxxxxxxxxxxxxxx>
To: dave@xxxxxxxxxx
Subject: Sony: >500,000 systems compromised?
Date: Tue, 15 Nov 2005 17:08:32 -0700
From http://www.doxpara.com/?q=sony:
> Sony.
>
> Sony has a rootkit.
>
> The rootkit phones home.
>
> Phoning home requires a DNS query.
>
> DNS queries are cached.
>
> Caches are externally testable (great paper, Luis!), provided you have a
> list of all the name servers out there.
>
> It just so happens I have such a list, from the audits I've been running
> from http://deluvian.doxpara.com .
>
> So what did I find?
>
> Much, much more than I expected.
>
> It now appears that at least 568,200 nameservers have witnessed DNS
> queries related to the rootkit.
More on the site, including wild graphics showing the locations of infected
systems. Food for the class-action lawyers.
jon
===== End forwarded message =====
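
The quoted reasoning relies on a name server answering from its cache. The sketch below is an added example, not code from the forwarded post or from doxpara.com. It shows how a resolver operator can read a reply to a non-recursive (RD=0) query to tell whether a name is cached, and what a resolver that refuses such queries returns instead. The hostname `phone-home.example` is a placeholder (the post does not name the rootkit's hostnames), and the reply bytes are constructed in the code, so nothing is sent on the network.

```python
import struct

def build_probe(name="phone-home.example", txid=0x1234):  # placeholder name (assumption)
    """Encode an A/IN query with RD=0, so the server answers only from its cache."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length

def classify(msg):
    """Interpret a reply to an RD=0 probe as (verdict, remaining_ttl)."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    rcode = flags & 0x000F
    if rcode:                          # REFUSED (5): resolver is closed to this client
        return ("refused" if rcode == 5 else "error", None)
    if flags & 0x0400:
        return ("authoritative", None) # AA set: says nothing about the cache
    if an == 0:
        return ("not-cached", None)    # referral or empty answer
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    off = skip_name(msg, off)
    _rtype, _rclass, ttl, _rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    return ("cached", ttl)             # TTL counts down from when it was cached

def sample_reply(probe, flags, ttl=None):
    """Constructed reply bytes for the demo; nothing is sent on the network."""
    answer = b""
    if ttl is not None:
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 1])
    counts = struct.pack("!HHHHH", flags, 1, 1 if answer else 0, 0, 0)
    return probe[:2] + counts + probe[12:] + answer

if __name__ == "__main__":
    print(classify(sample_reply(build_probe(), 0x8080, 2500)))
```

A resolver that restricts queries to its own clients produces the `refused` verdict for outsiders, which is the setting that keeps its cache contents from being observed externally.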