Hi, I'm the author of the Ars article and the submitter of this story. Alex from Sunbelt got back to me with a bit more information:
Basically, it went like this:
Patrick Jordan, our CoolWebSearch expert, was doing research on a CWS
exploit. During the course of the research, he discovered that a) the
machine he was testing became a spam zombie and b) it sent a call back
to a remote server. He traced back the remote server and found what you
have heard about.
The scale is unimaginable. There are thousands of machines pinging back
in a day. There is a keylogger file that grows and grows, and then is
zipped off and then the cycle continues again.
It is sophisticated. There are nifty little PHP scripts that help the
criminals get reports. There is a special upload area.
It's really quite sucktastic.
Purdue used Netscape 7 as the standard browser and mail client on over 3000 lab machines.