North American Network Operators Group


Re: Wired mag article on spammers playing traceroute games with trojaned boxes

  • From: Mike Tancsa
  • Date: Thu Oct 09 15:13:51 2003



Looks like attachments won't go through, so I will repost without the attachment. If anyone wants a copy, let me know.

---Mike


At 01:28 PM 09/10/2003, Andy Ellifson wrote:


Oops... Try this again...

And as soon as you call law enforcement what happens?  The spammer is
located offshore.  Then what?

Actually, in the case of the Wired article (removeform.com), it seems to be connected to a site in Florida. I asked my programmer ([email protected]) to decode the obfuscated JavaScript/page that is served up by one of the zombies (On FreeBSD fetch -B 18192 -o danger.html http://www.removeform.com/d - I got it from 207.5.215.72 at the time). I have attached it as a zip file with its contents. You will note that the form post goes back to

form action="http://207.36.47.68/cgi-bin/addinfo.cgi";


OrgName: CyberGate, Inc.
OrgID: CYBG
Address: 3250 W. Commercial Blvd. Suite 200
City: Ft. Lauderdale
StateProv: FL
PostalCode: 33309
Country: US

---Mike




--- Hank Nussbacher <[email protected]> wrote:
>
> On Thu, 9 Oct 2003, Suresh Ramasubramanian wrote:
>
> > * "Follow the money" - find out the spammer / the guy who he spams for,
> > from payment information etc. Sic law enforcement on them.
> >
> >     srs
>
> I think we can all safely assume that the people behind this are most
> probably on NANOG or reading the archives and are now aware of your idea
> :-)
>
> -Hank
>