The Mudcat Café TM
Thread #86040 Message #1608695
Posted By: JohnInKansas
19-Nov-05 - 12:55 AM
Thread Name: Tech: Sony Audio CDs INFECTED
Subject: RE: Tech: Sony Audio CDs INFECTED
The 500,000 compromised machines may be the statistical estimate from Kaminsky mentioned in the article I linked at 17 Nov 05 - 07:08 PM. He's not the one getting the credit for the first documented "discovery," but he's an impressive name in the business, and he's done a lot to fill in just how bad this thing is. Kaminsky's main contribution thus far has been in providing the first credible estimate of how far the thing has been spread - and it's MUCH MORE WIDELY DISTRIBUTED than can be accounted for by Sony's admissions to date of when and where they've distributed it.
Mark Russinovich is the guy getting the credit for the first trace of this crud to Sony. Others had found it, but had not been able to figure out where it came from. The first link above at 17 Nov 05 - 07:08 PM (Article by Ryan Naraine) has a link:
"In fact, as Russinovich himself explained in a fascinating blow-by-blow account of his findings, the detection of the Sony rootkit was not a straightforward task..."
The step-by-step procedure at this link gives Russinovich's description of just how tough it was to dig out who was responsible for all this.
I don't think we know yet how "guilty" Sony is, but my guess is they'll turn up more so than less. The vendor, "First 4 Internet," who supplied this garbage to Sony, reportedly has several other customers, and no one has reported whether they've sold the same, or similar or worse, stuff to others. I suspect First 4 Internet people are not answering the phone much.
At the Naraine article, you'll find a sidebar link to a commentary by Larry Loeb, who's one of those reporting that the Sony "uninstall" may be worse than the original DRM program, so far as your own security and machine stability are concerned. A link in Loeb's commentary takes you to "Sony's Uninstaller Is Worse than Its DRM," By Larry Loeb, IT Hub - Security, November 15, 2005, where you learn that the original web-based Sony "uninstaller" opens a new "hole" that is left on the machine after the uninstall completes. External access to the new hole by potentially malicious exploiters, and the ability to take over the machine and/or install any desired malware on it, have been demonstrated. Sony has replaced the web-based uninstaller with a downloadable .exe uninstaller that hasn't been fully analyzed yet. Who's gonna trust it?
For those who don't have enough to worry about, Russinovich reports that the "player" embedded in the Sony crapware is by Macromedia. No report yet on whether it's a standard or modified/bugged version. Macromedia has reported an extremely large and critical security hole in its Macromedia Flash utility, and is urging everyone to immediately upgrade to their newest version. I haven't, because their EULA (which you have to follow a link from their download site to find) incorporates by default 31 other separate "subprogram" EULAs, any one of which could "give them permission" to do virtually anything they want to to your computer. You have to follow separate links to each EULA to read them. This is a kind of "concealed permission" commonly used by malware distributors, and even when it works Macromedia is already "almost a virus." I WILL NOT INSTALL their junk before I've read all 31 of the incorporated EULAs, so in the meantime - until I've got a week or so free - I've just disabled Flash. Unless you have a critical need for Flash, I'd suggest you do the same.
One wonders(?) if Macromedia participated in - or at least gave approval for - the development of the Sony crapware.(??????)
I think we need Sonygate hearings in the Senate - at the very least - so that all this can be properly whitewashed and we can forget about it. It may all come down to the fact that Sony has more lawyers - and certainly better paid lobbyists - than even Microsoft. Expect a lawsuit to block Microsoft's plan to remove the Sony DRM with their Anti-spyware and Anti-malware programs. Sooner or later.