the sony drm infection spreads
A rather alarming statistic in relation to the continuing Sony DRM crisis surfaces.
It has been estimated that approximately half a million networks (including military and government sites) may have been infected by the copy-restriction software that was secretly bundled on a number of Sony BMG's recent audio CDs.
This figure was arrived at by independent security analyst Dan Kaminsky who traced evidence of DNS cache use.
Once a Sony rootkitted CD is used on a client PC on a network, the corresponding DNS server is prompted to make a request to a number of addresses: connected.sonymusic.com, updates.xcp-aurora.com and license.suncom2.com.
If a machine from that DNS server’s network has looked up either of these addresses, then it would point to the fact that any one or more of its clients has already been infected.
As Wired has summed up:
Incidentally, as this situation has been lingering on for a number of weeks, Boing Boing has helpfully produced a timeline of events that collects the news as it has been happening.
It has been estimated that approximately half a million networks (including military and government sites) may have been infected by the copy-restriction software that was secretly bundled on a number of Sony BMG's recent audio CDs.
This figure was arrived at by independent security analyst Dan Kaminsky who traced evidence of DNS cache use.
Once a Sony rootkitted CD is used on a client PC on a network, the corresponding DNS server is prompted to make a request to a number of addresses: connected.sonymusic.com, updates.xcp-aurora.com and license.suncom2.com.
If a machine from that DNS server’s network has looked up either of these addresses, then it would point to the fact that any one or more of its clients has already been infected.
As Wired has summed up:
The damage spans 165 countries, with the top five countries being Spain, the Netherlands, Great Britain, the United States and Japan, which, with more than 217,000 DNS servers reporting knowledge of Sony-related addresses, takes the top spot. Kaminsky doesn't speculate on how many machines may actually be compromised.
... "My approach is entirely statistical -- the only people who know are the people who put together the software themselves. The problem is they don't have to tell us the truth."
Incidentally, as this situation has been lingering on for a number of weeks, Boing Boing has helpfully produced a timeline of events that collects the news as it has been happening.
This entry was posted
on Wednesday, November 16, 2005 at 12:02 pm.
