Not sure if he'd be interested, but the only person I can think of is 
Steve Gibson (grc.com).  He's a security expert, in fact he's the one 
that coined the term "spyware".  He does a computer security podcast as 
well.  I don't have an email address for him.

James Newton, Host wrote:
> This is just weird:
>
> A few days ago I noticed that a page containing information that is not
> interesting and is commonly available elsewhere was becoming very popular on
> the site. It is now the most popular single page with 4352 hits in the last
> 6 days. I'm not going to post the page URL here because I don't want to
> upset what is going on with you all visiting the page. Suffice it to say
> that the page is just about stupid and almost empty.
>
> Today I started looking at my server logs to see who was linking to that
> page (expecting to find a referred from URL in at least some of the hits)
> and I was somewhat shocked to find that all the hits not only do not specify
> the referrer, they are also from exactly the same user agent:
>
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
>
> No variation at all. So I thought that some idiot had probably got his site
> ripping engine stuck on one page. But no, the accesses are coming from
> different IP addresses. No single IP address has ever requested the page
> more than once. In fact, none of them have requested ANY page on my server
> anytime in the last 7 days OTHER than this one.
>
> So then I thought it must be a DoS attack, but no, the volume is still quite
> low. In fact: There has not been more than 1 access from each IP address.
> And each IP address only hits that one page... One time...
>
> So think about this: Thousands of different IP addresses from all over the
> world (mostly outside the USA) are making one request of my server for a
> nothing page and then going away.
>
> These must be zombies. They are running some software that is causing them
> to make this request on first install or once every so many days but greater
> than the 7 days I've checked.
>
> Questions:
>
> - Is the author of the zombie planning to use my page to post updated
> instructions to his program? Piclist.com is a wiki... I've locked the page
> so it can not be modified just incase, but I am still alowing it to be
> viewed.
>
> - Is there some outfit that investigates things like this who would be
> interested to know what I'm seeing?
>
> - If this is a zombie program is its reference to my server going to
> implicate me? In other words, could someone who is tracking the zombie and
> looking for the author think that it is me since the program is looking
> here?
>
> - What would you do if you were me?
>
> ---
> James Newton: PICList webmaster/Admin
> mailto:jamesnewton@piclist.com  1-619-652-0593 phone
> http://www.piclist.com/member/JMN-EFP-786
> PIC/PICList FAQ: http://www.piclist.com
>
>
>   

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist