Spiderlabs. The main breakthrough was when he downloaded and ran the malware in a safe environment. This allowed him to track the rogue program connecting to an FTP server. He spied on the net traffic to discover the username and password the malware used to FTP things up to the owner's server.
That is when the real ownage began. He was able to log into the FTP server and search around. Further tracking involved finding out the license used for a commercial keylogging app, and tying that back to a real person's name. Oh this is so cool. This just goes to show you that when you have the right skills, you can figure all kinds of things out.
I am just curious why the guy did not play any tricks on the keylogger. If you had access to their site, you could reverse the roles and hijack the script kiddies.
Struggling With the Calendar Code - Turns out we need to work all weekend on fixing bugs before the customer will even consider accepting our system for production use. I got assigned a tick...