That jibes with Russinovich's take on the copy-protection scheme, which was created by a U.K.-based company, First4Internet. In the blogs Russinovich has posted about his investigation into Sony's DRM, the rootkit, and its uninstaller, he's called the First4Internet software "underhanded and sloppily written" and characterized the company's programming skills as "inept."
"Any user who has downloaded and run the Sony uninstaller is susceptible to this attack," said Hubbard.
That could mean more than half a million potential victims, according to some estimates. Earlier this week, security researcher Dan Kaminsky claimed that he had found more than half a million name servers which had stored DNS queries related to the Sony rootkit, indicating that the number of PCs with the Sony copy-protection installed was much larger than earlier thought.
To put Kaminsky's numbers in context, the August attack of the Zotob bot worm affected approximately 10,000 PCs.
But there may be a silver lining to the whole Sony cloud.
"What's positive here is the exposure of a scenario when someone uses technology that they believe is protecting intellectual property, but they haven't taken into account that security comes into play as well," said Hubbard.
"Developers must be aware that there are [security] repercussions in almost any program," he said. "Too often, security gets bypassed in the development cycle."