It's a shampoo world anyway
 
Mittwoch, 16. November 2005


Using DNS queries to estimate backdoor propagation

A backdoor that tries to phone home usually uses DNS-queries to locate the host they should report to. These DNS queries are cached by the DNS server for some time. Dan Kaminski uses this behaviour to estimate the number of PCs that are infected by Sony’s DRM rootkit(he found more than 500.000 DNS servers that received a query related to the rootkit, leading to a conservative estimate that the number of infected PCs is in the millions).

The image shows the distribution of the located DNS servers in Europe (click here for larger maps: USA, Asia, Europe). The more I learn about DNS, the more I am intrigued by this often overlooked protocol.

Oh - Sony’s uninstaller leaves the PC even more open to further attacks.

 
online for 8613 Days
last updated: 09.04.14, 16:14
status
Youre not logged in ... Login
menu
... home
... topics

... antville home

Juni 2025
So.Mo.Di.Mi.Do.Fr.Sa.
1234567
891011121314
15161718192021
22232425262728
2930
Juni
about:
the shampoo world is
the personal weblog of Martin Johns.
recent

xml version of this page

Made with Antville
powered by
Helma Object Publisher




...welcome to the long tail...