[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <43B2F33F.2090902@put.poznan.pl>
Date: Wed, 28 Dec 2005 21:19:11 +0100
From: Tomasz Kokowski <Tomasz.Kokowski@....poznan.pl>
To: Paul <pvnick@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Someone wasted a nice bug on spyware...
Paul pisze 2005-12-28 07:25 tak...
> Indeed, this is quite an annoyance. Buytoolbar.biz/xpl.wmf also works. I
> sent it to Microsoft a few days ago and they're looking into it. It looks
> like it's going to be a bad week at MSRC :(
> I whoised the owners of a couple domains who host the image and got the
> following information:
>
[...]
> Technical Contact ID: 6464086-SRSPLUS
> Technical Contact Name: Ezhi Brozkevitsh
> Technical Contact Organization: Ezhi Brozkevitsh
> Technical Contact Address1: Al. Armii Ludowej 24
> Technical Contact City: Warszawa
> Technical Contact Postal Code: 00-609
> Technical Contact Country: Poland
> Technical Contact Country Code: PL
> Technical Contact Phone Number: +21.225798400
[...]
> This information does look promising. Iframeurl.biz is also registered to
> the same individual. Perhaps the Polish authorities could apprehend this
> culprit (either that, or a Polish reader of full-disclosure could pay him a
> visit ;). That is, of course, assuming he is stupid enough to use his real
> name to register a domain for illegal use.
Nope.
First, Ezhi seems not to match any Polish name even
in terms of phonetic transcription. Brozkevitsh
in turn looks like Brożkiewicz in Polish.
Second, as far as I know our international phone number
always starts with +48...
Third, (for those of you who don't know, since
1989 something has changed in Poland and street
name as Al. Armii Ludowej seems veeeery unlikely.
However, to tell you the truth, it concerns to Warsaw
which is a strange city itself (I personally live
in Poznan) and nearly everything is plausible there
(no offense, Warsaw).
Tomasz Kokowski
(http://www.put.poznan.pl/~tommy)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists