[63720] in North American Network Operators' Group

Re: Wired mag article on spammers playing traceroute games with

daemon@ATHENA.MIT.EDU (John Neiberger)
Thu Oct 9 16:00:12 2003

Date: Thu, 09 Oct 2003 13:42:57 -0600
From: "John Neiberger" <john.neiberger@efirstbank.com>
To: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu



>Actually, in the case of the wired article (removeform.com), it seems to be
>connected to a site in Florida.  I asked my programmer (gabor@sentex.net)
>to decode the obfuscated java script/page that is served up by one of the
>zombies (On FreeBSD fetch -B 18192 -o danger.html
>http://www.removeform.com/d - I got it from 207.5.215.72  at the time).  I
>have attached it as a zip file with its contents. You will note that the
>form post goes back to
>
>form action="http://207.36.47.68/cgi-bin/addinfo.cgi"
>
>
>OrgName:    CyberGate, Inc.
>OrgID:      CYBG
>Address:    3250 W. Commercial Blvd. Suite 200
>City:       Ft. Lauderdale
>StateProv:  FL
>PostalCode: 33309
>Country:    US

This appears to be a rather prolific spammer. At first I thought they
were affiliated with www.skynetweb.com because they have the same
address, including suite number, but it now appears that they are really
affiliated with these guys:

http://www.affinity.com/about/our_team/our_team.htm 

John
--
