
Screenshot: doxpara.com
Dan Kaminsky generated some infographics about the geographical spread of Sony's rootkit:
“Sony. Sony has a rootkit. The rootkit phones home. Phoning home requires a DNS query. DNS queries are cached.
It now appears that at least 568,200 nameservers have witnessed DNS queries related to the rootkit. How many hosts does this correspond to? Only Sony (and First4Internet) knows … unsurprisingly, they are not particularly communicative. But at that scale, it doesn’t take much to make this a multi-million host, worm-scale Incident. The process of discovering this has led to some significant advances in the art of cache snooping.
(…)
I also have an IP->Geographic data, courtesy of Mike Schiffman’s libipgeo and the fine folks at IP2Location, who have a very impressive database. So, the first thing I did was geolocate the data.”