
Separation Anxiety

New images from the Sony Rootkit Research front:

Red signifies evidence of First4Internet accesses; green signifies accesses to Sony’s enhanced CD site (included with the rootkit, but also elsewhere). Most links are yellow, though: over 3/4ths of networks found resolving Sony during the sampling period also resolved First4Internet. The geographic evidence lines up pretty nicely as well (Sony | F4I).

What does this signify? Interesting question. Originally, it appeared that the rootkit itself issued queries against First4Internet. It may, it may not; we’re not entirely sure yet. Yet First4Internet exhibits remarkably high popularity, weeks into the controversy, for a site that is not automatically connected to. I suppose it cannot be too surprising to see high correlation between names exhibiting potential for infection and names implying desire for disinfection/uninstall, but I’d like to know more. Ultimately, as I have said from the start, I simply do not have enough information to determine/imply/“guesstimate” how many hosts have been compromised.

Only Sony does.

Categories: Security