PGTS PGTS Pty. Ltd.   ACN: 007 008 568               Mobile Version Coming Soon

point Site Navigation







Valid HTML 4.01!






   Stop Spam! Stop Viruses!
   Secure And Reliable Ubuntu Desktop!

   Ubuntu

   If you own a netbook/laptop~
   Download Ubuntu Netbook!





Feedback: December 2003, Published: January 2004

This month some information from the USA, once again, draws attention to the Your1Host spammers. As it turns out they probably should be called the uMondo spammers (or maybe the Ion Entertainment spammers -- they have many names). The Your1host saga continues because It seems that some registrars are tardy about taking action against known spammers.

This has prompted me to send the following e-mail to bulkregister.com: 

	Subject: False address for Your1host.net

	Sirs,

	I would like to draw your attention to a matter which requires urgent
	action on your behalf. This is in regard to the domain Your1Host.net
	which is registered by your organisation.

	The contact information that is given for Your1Host.net is:
		10061 Riverside Dr.
		Toluca Lake, CA 91602
		US
		Phone:: 818-506-4388

	The information supplied is false and/or misleading. The Toluca Lake
	Chamber of Commerce lists this address and phone number as belonging to
	a mail and shipping franchise known as "Mail Boxes Etc."

	The organisation Your1Host is a well known "front" for an extensive spam
	operation. A search for Your1host+spam" brings up 22 hits in Google,
	many of which include comprehensive and well-documented samples of spam.
	These are from reputable organisations all around the world.

	Sincerely etc,

In the meantime it seems to be business as usual for the Your1Host spammers, who operate under the names uMondo LLC and Ion Entertainment LLC (and probably many other names).

After receiving the information about uMondo, I checked their web site. The home page had a login screen surrounded by a large amount of graphics. The webhost, like all the others in this stable, was Microsoft-IIS. And, from memory, the home page was similar in appearance to some of the sites which had been associated with Your1host.net. Visitors can sign up with uMondo, which mainly entails giving them your contact information (including e-mail address). They promise to respect your privacy ... <sarcasm> So I guess you don't have anything to worry about there!</sarcasm>

If I could set aside objectivity and make a gratuitous comment, I will add that what I saw of their site had the appearance of a typical spammers' nest.

LLC stands for Limited Liability Company and may be equivalent to our Australian Pty. Ltd.

In The Gospel According to Google, the address 4804 Laurel Canyon #119 is described as a "PMB", which I believe is an American Acronym for Private Mail Box, in Valley Village, California. In the USA, such mail facilities seem to operate as private franchises. I don't know how much (or how little) regulation is imposed on these services.

In the past however, it seems that PMB 119 at 4804 Laurel Canyon Blvd has been used by such dubious domains as: PowerfulPorn.com, GoodCleanPorn.com, Fu69ck.com, PornOfficebox.com. No prizes for guessing what those domains might have been selling.

In addition to the domains mentioned in the previous newsletter, the following domains are closely associated with umondo.biz, and are part of this spam gang: 

	10packs.com
	Daddys-Little-Girls.com
	eShy.com
	GetAWife.net
	IonEnt.com
	MondoCable.com
	MondoDepot.com
	MondoDrugs.com
	MondoLibrary.com
	MondoMagazines.com
	MondoMeds.com
	MondoParty.com
	MondoRegister.com
	MondoRX.com
	MondoSavings.com
	MondoServices.com
	MondoStore.com
	MondoTemplates.com
	MondoVacations.com
	Ultra-Fast.com

Most of these are set up in a similar manner and, except for 10pack.com, they share the same address (PMB 119, 4804 Laurel Canyon Blvd). There are only 4 variants of contact info, with two names, Zack Thomas and Danny Alexander, as follows: 

	10packs
	support@10packs.com
	Pestalozzi St., 6900 Lugano
	Lugg, Bridge HR1
	GB
	Phone- 011-44-208-7289011

	Danny and Zack
	Danny Alexander
	Zack Thomas
	Zack Thomas
	4804 Laurel Canyon #119
	Valley Village, California 91405
	United States
	8183040700 Fax --

The name Danny Alexander is often associated with Ion Entertainment (IonEnt.com), another LLC that shares the PMB in Valley Village. There is a company called Ion Entertainment in California (IonEntertainment.com), but there is no obvious connection between the firms.

The name servers that they prefer are ns1.xodns.com, ns2.xodns.com, ns1.qwdns.com and ns2.qwdns.com. There are other domains associated with the uMondo spammers and when I get the time I will try to list them all. QWDNS.com and XODNS.com, which provide the name servers, seem to have a key role in the scheme of things. Both these domains have funky looking contact information.

The contact information for QWDNS.com is: 

	support@qwdns.com
	QW DNS
	6633 San Felipe St
	Houston, TX 77057
	US
	Phone: 818-475-5429

There does not appear to be a yellow pages (or any) listing for a firm called QW DNS. The phone number is not a Texas Number. Instead this phone service seems to be located in the San Fernando Valley, which by a not so remarkable conicidence, is where the uMondo PMB (in Valley Village) is also located. This same phone number appears in the contact details for Forwardhosting.net, another member of this spammers' nest (as previously documented). Google queries for a company called QW DNS return no result. In summary, the address appears to be false. Or it may be a convenient drop point. Bulkregister.com have been notified of this fact.

The Registration details for XODNS.com are as follows: 

	Simon McNelsonn
	4000 William Armstrong Drive
	Newcastle-upon-Tyne, IR NE4 7YA
	IE

The sponsoring registrar of uMondo LLC is GO DADDY SOFTWARE, INC. GoDaddy.com seem to be a budget US registrar. Whois lists their address in Arizona. I have notified them about their unsavoury client.

The UK connection might mean that this is a multi-national spam hub.

Perhaps other PMB customers who use the mailbox address at Laurel Canyon Blvd might want to express their discontent with sharing facilities with spammers.

Overalll, this seems to be a complex, intermeshed group with many parent organisations and child entities (and maybe even some grand children?). And I have only scraped the surface. It would seem to be a major gang of spammers. I am not familiar with laws regarding disclosure of correct information for LLCs in California, but in Victoria (Australia), false information on websites and/or false contact and address information on registration details would incur penalties under Company Law.

Furthermore I would expect that many of the activities carried out by uMondo and its' progeny are illegal.

Feedback:

Hints for this month:

How to make a specific colour transparent (in GIMP)

Date: Tue, 2 Dec 2003 11:59:33 +1100
From: Gerry Patterson

* Choose the layer selection tool (Layers, Channels & Paths from the
  Right-Click Menu).

* Right-click the layer and select "add alpha channel".

* Over the image, right-click and select: "Select/select by color".

* Click the colour (over the image) of the selected image.

* Right-click the image and select "Edit/Cut". Select "Cut". This
  removes the colour selected from layer (which effectively makes it
  transparent)

Back To Index

Identity of "MX Your1host.net" spammers

From: Bernie (USA)
Date: Sat, 6 Dec 2003 01:19:17 EST

Hi,

I found and read your "PGTS Journal, July 2003" newsletter
(http://www.pgts.com.au/cgi-bin/pgtsj?file=pgtsj0307f). Like you, I have been
searching for the identity of what you call the "MX Your1host.net
spammers."

I have now discovered their real identity. See below, and please do with
this information what you wish:

The individual(s) is/are known as uMondo, LLC. The main web site is
http://www.umondo.biz.

(The following information can be found by Whois lookup at
http://www.checkdomain.com/cgi-bin/checkdomain.pl?domain=umondo.biz):

Registrant: uMondo, LLC

Administrative, Billing, and Technical Contact:

Ryan Fellman (GODA-23312779) support@umondo.com
uMondo, LLC
4804 Laurel Canyon #119
Vallley Village, California 91607
United States
Phone: +1.8183040700

Name Servers:

NS1.QWDNS.COM
NS2.QWDNS.COM

(NOTE: Ryan Fellman can also be reached at rythaman@sbcglobal.net and
1-818-335-2558.)

Best of luck.

Ed: Thanks for the info, Bernie. This is a right regular tim of worms.
And it's hard to know where to begin. This little nest of spammers
appear to have been very busy in the past year. The convoluted trail of
domains is a tribute to their energy and enterprise. It's a pity to see
so much effort devoted to anti-social ends. (and most probably using
anti-social means)

There is a Harris Fellman, who was listed as the owner of Ion
Entertainment (one of the many organisations in this spam gang).

For more details, see my comments at the start of this document.

Back To Index

Where to get Zip/Unzip

Date: Mon, 22 Dec 2003 03:09:56 +1100
From: Gerry Patterson

This question comes up whenever I want a copy of the Zip/Unzip utility.
Where is it? I always make the same mistake of looking at GNU sites and
finding lots of copies of gzip. Then after searching with Google, I
remember ... Info-Zip. How could I forget these guys?

http://www.info-zip.org/pub/infozip/

Thanks Info-Zip!

Here is the way I install them on a FreeBSD System

Download the latest tars (as of the time of writing zip23.tar.gz and
unzip550.tar.gz) and unpack them in the work area)

	cd zip-2.3
	make clean
	make generic
	make install

(even though there were a few warnings)

For unzip, it was a little different ... Starting once again from the
work directory:

	cd unzip-5.50
	cp unix/Makefile .
	make clean
	make freebsd
	make install

Back To Index

Can't locate Test/More.pm in @INC

Date: Mon, 22 Dec 2003 03:37:03 +1100
From: Gerry Patterson

While installing from CPAN the following error came up:

    Can't locate Test/More.pm in @INC

There was a long list of what is included in @INC.

For some reason, some CPAN downloads fail with this message (most times
they just prepend the necessary package to the list and get on with it)

The package that is required is:

	Test::More

So just install Test::More and then retry the command.

Back To Index

Reading multiple lines with the shell

Date: Tue, 23 Dec 2003 01:58:25 +1100
From: Gerry Patterson

A trick which is very handy in shell scripts for fetching multiple lines
from a file or command (rather than stdin) is as follows:

	#!/bin/bash
	while read x ; do
		if [ -f $x ] ; then
			cat $x >> $OUTPFILE
		fi
	done < "${TMPDIR}/filelist"

This code reads a line from a file (${TMPDIR}/filelist). If the first
word is a legitimate regular file, then the contents of the file are
appended to $OUTPFILE.

Back To Index

Time to sell Microsoft?

From: Matthew Gurney
Date: Tue, 30 Dec 2003 06:43:57 +1100 (EST)

Just read your article regarding the similarity of MS now and IBM in
80s/90s. Makes a lot of sense. I am actually a fan of MS, I have a bit
of their stock. I think I will sell it and move to something else, but
with the current trend towards Linux, which I know will succeeed, which
will bring greater acceptance of Open Source in general, eg mySQL
(Noticed you were DBA's), looks like long term, software monoplies are
going to be hard to come by. Hmm, perhaps SAP or PeopleSoft??

Ed: Matthew connected via a dial-in line from British Telecom. He is not
the only one considering ditching Microsoft. As this is written, the
Israel government announced their intention to install open source
software on future desktop platforms.

Back To Index