Wired mag article on spammers playing traceroute gameswith trojaned boxes

• Previous message (by thread): Wired mag article on spammers playing traceroute games with
• Next message (by thread): Wired mag article on spammers playing traceroute gameswith trojaned boxes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Actually, in the case of the wired article (removeform.com), it seems
to be 
>connected to a site in Florida.  I asked my programmer
(gabor at sentex.net) 
>to decode the obfuscated java script/page that is served up by one of
the 
>zombies (On FreeBSD fetch -B 18192 -o danger.html 
>http://www.removeform.com/d - I got it from 207.5.215.72  at the
time).  I 
>have attached it as a zip file with its contents. You will note that
the 
>form post goes back to
>
>form action="http://207.36.47.68/cgi-bin/addinfo.cgi"
>
>
>OrgName:    CyberGate, Inc.
>OrgID:      CYBG
>Address:    3250 W. Commercial Blvd. Suite 200
>City:       Ft. Lauderdale
>StateProv:  FL
>PostalCode: 33309
>Country:    US

This appears to be a rather prolific spammer. At first I thought they
were affiliated with www.skynetweb.com because they have the same
address, including suite number, but it now appears that they are really
affiliated with these guys:

http://www.affinity.com/about/our_team/our_team.htm 

John
--

• Previous message (by thread): Wired mag article on spammers playing traceroute games with
• Next message (by thread): Wired mag article on spammers playing traceroute gameswith trojaned boxes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]