It's a shampoo world anyway
 
Mittwoch, 16. November 2005


Using DNS queries to estimate backdoor propagation

A backdoor that tries to phone home usually uses DNS-queries to locate the host they should report to. These DNS queries are cached by the DNS server for some time. Dan Kaminski uses this behaviour to estimate the number of PCs that are infected by Sony’s DRM rootkit(he found more than 500.000 DNS servers that received a query related to the rootkit, leading to a conservative estimate that the number of infected PCs is in the millions).

The image shows the distribution of the located DNS servers in Europe (click here for larger maps: USA, Asia, Europe). The more I learn about DNS, the more I am intrigued by this often overlooked protocol.

Oh - Sony’s uninstaller leaves the PC even more open to further attacks.

... Link


 
online for 8426 Days
last updated: 09.04.14, 16:14
status
Youre not logged in ... Login
menu
... home
... topics

... antville home

November 2005
So.Mo.Di.Mi.Do.Fr.Sa.
12345
6789101112
13141516171819
20212223242526
27282930
SeptemberJanuar
about:
the shampoo world is
the personal weblog of Martin Johns.
recent

xml version of this page

Made with Antville
powered by
Helma Object Publisher




...welcome to the long tail...