>Actually, in the case of the wired article (removeform.com), it seems to be
>connected to a site in Florida. I asked my programmer ([EMAIL PROTECTED])
>to decode the obfuscated java script/page that is served up by one of the
>zombies (On FreeBSD fetch -B 18192 -o danger.html
>http://www.removeform.com/d - I got it from 207.5.215.72 at the time). I
>have attached it as a zip file with its contents. You will note that the
>form post goes back to
>
>form action="http://207.36.47.68/cgi-bin/addinfo.cgi"
>
>
>OrgName: CyberGate, Inc.
>OrgID: CYBG
>Address: 3250 W. Commercial Blvd. Suite 200
>City: Ft. Lauderdale
>StateProv: FL
>PostalCode: 33309
>Country: US

This appears to be a rather prolific spammer. At first I thought they were affiliated with www.skynetweb.com because they have the same address, including suite number, but it now appears that they are really affiliated with these guys: http://www.affinity.com/about/our_team/our_team.htm

John
