Wired mag article on spammers playing traceroute games with trojaned boxes
Mike Tancsa
mike at sentex.net
Thu Oct 9 18:36:53 UTC 2003
Looks like attachments won't go through, so I will repost without the
attachment. If anyone wants a copy, let me know.
---Mike
At 01:28 PM 09/10/2003, Andy Ellifson wrote:
>Oops... Try this again...
>
>And as soon as you call law enforcement what happens? The spammer is
>located offshore. Then what?
Actually, in the case of the Wired article (removeform.com), it seems to be
connected to a site in Florida. I asked my programmer (gabor at sentex.net)
to decode the obfuscated JavaScript/page that is served up by one of the
zombies (On FreeBSD fetch -B 18192 -o danger.html
http://www.removeform.com/d - I got it from 207.5.215.72 at the time). I
have attached it as a zip file with its contents. You will note that the
form post goes back to
form action="http://207.36.47.68/cgi-bin/addinfo.cgi"
OrgName: CyberGate, Inc.
OrgID: CYBG
Address: 3250 W. Commercial Blvd. Suite 200
City: Ft. Lauderdale
StateProv: FL
PostalCode: 33309
Country: US
---Mike
>--- Hank Nussbacher <hank at att.net.il> wrote:
> >
> > On Thu, 9 Oct 2003, Suresh Ramasubramanian wrote:
> >
> > > * "Follow the money" - find out the spammer / the guy who he spams for,
> > > from payment information etc. Sic law enforcement on them.
> > >
> > > srs
> >
> > I think we can all safely assume that the people behind this are most
> > probably on NANOG or reading the archives and are now aware of your
> > idea :-)
> >
> > -Hank
> >