"Any attacker who can control 100,000 machines is a major force on the internet, while someone with a million or more is currently unstoppable: able to launch massively diffuse DDOS attacks, perform needle in a hayfield searches, and commit all sorts of other mayhem. We already understand how worms could be used to gain control of so many machines. Yet the recent revelation that Brilliant Digital Media has bundled a small trojan with KaZaA has underscored another means by which an attacker could gain control of so many machines: poorly secured automatic updaters. If an attacker can distribute his own code as an update, he can take control of millions of machines. "
http://www.cs.berkeley.edu/~nweaver/0wn2.html So, now, how hard would it be to use this mechanism to upload PGPNet with opportunistic encryption enabled to millions of hosts ?
