568,200 DNS servers Know Sony

Dan Kaminsky has done some digging into the Sony rootkit:

It now appears that at least 568,200 nameservers have witnessed DNS queries related to the rootkit. How many hosts does this correspond to? Only Sony (and First4Internet) knows…unsurprisingly, they are not particularly communicative. But at that scale, it doesn’t take much to make this a multi-million host, worm-scale Incident. The process of discovering this has led to some significant advances in the art of cache snooping.

At first, it sounded to me like that’s a lower bound. Then I realized that if the software phones home regularly, then each laptop which roams to different networks will be represented multiple times, so it’s not quite that simple.

The map is Dan’s.

(Via Dave Maynor, at ISS’s “Sony BMG Bundled Software Vulnerabilities.”)

