Re: Wired mag article on spammers playing traceroute games with trojaned boxes
Looks like attachments wont go through, so I will repost without the attachment. If anyone wants a copy, let me know ---Mike At 01:28 PM 09/10/2003, Andy Ellifson wrote:
Oops... Try this again...
And as soon as you call law enforcement what happends? The spammer is located offshore. Then what?
Actually, in the case of the wired article (removeform.com), it seems to be connected to a site in Florida. I asked my programmer (gabor@sentex.net) to decode the obfuscated java script/page that is served up by one of the zombies (On FreeBSD fetch -B 18192 -o danger.html http://www.removeform.com/d - I got it from 207.5.215.72 at the time). I have attached it as a zip file with its contents. You will note that the form post goes back to form action="http://207.36.47.68/cgi-bin/addinfo.cgi" OrgName: CyberGate, Inc. OrgID: CYBG Address: 3250 W. Commercial Blvd. Suite 200 City: Ft. Lauderdale StateProv: FL PostalCode: 33309 Country: US ---Mike
--- Hank Nussbacher <hank@att.net.il> wrote:
On Thu, 9 Oct 2003, Suresh Ramasubramanian wrote:
* "Follow the money" - find out the spammer / the guy who he spams for, from payment information etc.Sic law enforcement on them.
srs
I think we can all safely assume that the people behind this are most probably on NANOG or reading the archives and are now aware of your idea :-)
-Hank
participants (1)
-
Mike Tancsa