Wired mag article on spammers playing traceroute games with trojaned boxes
John Neiberger
john.neiberger at efirstbank.com
Thu Oct 9 19:42:57 UTC 2003
>Actually, in the case of the wired article (removeform.com), it seems to be
>connected to a site in Florida. I asked my programmer (gabor at sentex.net)
>to decode the obfuscated java script/page that is served up by one of the
>zombies (On FreeBSD fetch -B 18192 -o danger.html
>http://www.removeform.com/d - I got it from 207.5.215.72 at the time). I
>have attached it as a zip file with its contents. You will note that the
>form post goes back to
>
>form action="http://207.36.47.68/cgi-bin/addinfo.cgi"
>
>
>OrgName: CyberGate, Inc.
>OrgID: CYBG
>Address: 3250 W. Commercial Blvd. Suite 200
>City: Ft. Lauderdale
>StateProv: FL
>PostalCode: 33309
>Country: US

This appears to be a rather prolific spammer. At first I thought they
were affiliated with www.skynetweb.com because they have the same
address, including suite number, but it now appears that they are really
affiliated with these guys:

http://www.affinity.com/about/our_team/our_team.htm

John