Spiderlabs. The main breakthrough came when he downloaded the malware and ran it in a safe, isolated environment. That let him watch the rogue program connect to an FTP server, and by sniffing the network traffic he recovered the username and password the malware used to upload its captured data to the owner's server.
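The recovery step described above works because classic FTP sends USER and PASS in cleartext on the control channel, so a sandbox capture of the session gives up the credentials, the passive-mode data endpoint and the names of the files being uploaded. The following is an added example, not code from the original post or from Spiderlabs: a small parser for a reconstructed FTP control-channel transcript (the kind you get from Wireshark's "Follow TCP Stream", with `C:`/`S:` prefixes added per line). The transcript, host, user, password and file names are constructed and hypothetical. It also handles the case where the login is rejected (530), so a failed attempt is not mistaken for working credentials.

```python
"""Recover credentials and uploaded file names from captured FTP control traffic."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample transcript of an exfiltrating sample's control channel.
# Host, user, password and file names are hypothetical, not from any real capture.
SAMPLE_SESSION = """\
S: 220 ftp.example.invalid FTP server ready
C: USER dropzone
S: 331 Password required for dropzone
C: PASS s3cretlogz
S: 230 User dropzone logged in
C: TYPE I
S: 200 Type set to I
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: STOR keys_20091122.txt
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: STOR screenshot_001.jpg
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: QUIT
S: 221 Goodbye
"""


@dataclass
class FtpSession:
    server_banner: Optional[str] = None
    username: Optional[str] = None
    password: Optional[str] = None
    login_ok: bool = False                  # True only after a 230 reply to PASS
    pasv_endpoints: List[str] = field(default_factory=list)  # "host:port" from 227 replies
    uploads: List[str] = field(default_factory=list)         # arguments of STOR/APPE/STOU


def _pasv_endpoint(reply: str) -> Optional[str]:
    """Turn '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into 'h1.h2.h3.h4:port'."""
    start, end = reply.find("("), reply.find(")")
    if start < 0 or end < start:
        return None
    parts = [p.strip() for p in reply[start + 1:end].split(",")]
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        return None
    host = ".".join(parts[:4])
    port = int(parts[4]) * 256 + int(parts[5])
    return f"{host}:{port}"


def parse_ftp_session(text: str) -> FtpSession:
    """Walk a 'C: ...' / 'S: ...' transcript and collect what an analyst cares about."""
    sess = FtpSession()
    pending_login = False  # set after PASS; the next server reply decides login_ok
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) < 3 or line[1:3] != ": ":
            continue  # not a transcript line; skip
        side, msg = line[0], line[3:]
        if side == "C":
            verb, _, arg = msg.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                sess.username = arg
                sess.login_ok = False  # a new USER restarts authentication
            elif verb == "PASS":
                sess.password = arg
                pending_login = True
            elif verb in ("STOR", "APPE", "STOU"):
                sess.uploads.append(arg)
        elif side == "S":
            code = msg[:3]
            if code == "220" and sess.server_banner is None:
                sess.server_banner = msg[4:]
            elif code == "227":
                endpoint = _pasv_endpoint(msg)
                if endpoint:
                    sess.pasv_endpoints.append(endpoint)
            elif pending_login and code.isdigit():
                sess.login_ok = (code == "230")  # 530 or anything else means rejected
                pending_login = False
    return sess


if __name__ == "__main__":
    result = parse_ftp_session(SAMPLE_SESSION)
    print(f"server : {result.server_banner}")
    print(f"login  : {result.username} / {result.password} (accepted={result.login_ok})")
    print(f"pasv   : {result.pasv_endpoints}")
    print(f"uploads: {result.uploads}")
```

Feeding it the constructed transcript yields the login `dropzone` / `s3cretlogz`, the passive data endpoint `192.0.2.10:50000` (195*256+80), and the two uploaded file names; the uploads list is the quickest way to see what the sample has been stealing, and the 227 endpoint tells you which host and port to look at in the rest of the capture.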
That is when the real ownage began. He was able to log into the FTP server and look around. Further tracking involved finding the license key used for a commercial keylogging application and tying that back to a real person's name. Oh, this is so cool. This just goes to show that when you have the right skills, you can figure all kinds of things out.
I am just curious why the guy did not play any tricks on the keylogger. If you got access to their site, you could reverse the roles and hijack the script kiddies.
Timing is Everything - I was assigned a tricky problem to work on. Some of the data was missing in our production environment. Everything seemed to work fine in development and ...