PGTS PGTS Pty. Ltd.   ACN: 007 008 568

PGTS Humble Blog

Thread: Internet Security/Malware/Spam

Gerry Patterson, The man who almost invented humble sarcasm tags (Invisible to non-sarcastic browsers)

Cashblasterpro.com Spammers


Chronological Blog Entries:



Date: Thu, 26 Jun 2008 11:56:30 +1000

On Thursday the 12th of June, I started to receive a lot of spam claiming to be from Robert Kuntz and BJ Bishop. It was coming mostly from non-portable addresses, and it was very aggressive. Although Spam Assassin was diverting the spam to my spam folder, it was repeating constantly.

Going back through the system logs I noticed that several RTBLs were not available during the period June 09-15. So this might have been the result of a co-ordinated attack on various RTBLs.

At the time, my main concern was the sheer volume of spam being diverted to my spam inbox. It was the same email over and over. In order to stop it I black-banned the offending IP addresses in the postfix access DB.

This incident prompted me to finish a script that I had been working on for a while. It is a perl script that automatically black-bans offenders for 24 hours. I call this the SA (Spam Assassin) Sin Bin. As I have become confident of the fact that Spam Assassin will not return false positives (because I've tuned it that way), I now feel sanguine about implementing this script. I will try to release details of it soon.
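A minimal sketch of the sin-bin idea described above, added here as an illustration: it is not the author's Perl script, and it is written in Python. It assumes an upstream step has already paired each message Spam Assassin flagged with the connecting client IP; the sample events, the trusted ranges and the function names are all constructed for the example.

```python
import ipaddress
from datetime import datetime, timedelta

BAN_PERIOD = timedelta(hours=24)  # the 24-hour sin bin from the post
# Assumed trusted ranges that must never be banned (own hosts, relays).
NEVER_BAN = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Constructed sample: (time a message was flagged as spam, client IP).
SAMPLE_EVENTS = [
    ("2008-06-12 09:00:00", "198.51.100.7"),
    ("2008-06-12 09:05:00", "198.51.100.7"),
    ("2008-06-12 10:00:00", "203.0.113.9"),
    ("2008-06-12 11:00:00", "192.0.2.25"),      # inside a trusted range
    ("2008-06-12 11:30:00", "not-an-ip REJECT"),  # malformed log field
    ("2008-06-13 09:30:00", "198.51.100.7"),    # offends again a day later
]

def build_bans(events):
    """Return {ip: expiry}; each new offence restarts that client's 24 hours."""
    bans = {}
    for stamp, ip in events:
        try:
            addr = ipaddress.ip_address(ip)  # never copy raw log text into the table
        except ValueError:
            continue
        if any(addr in net for net in NEVER_BAN):
            continue
        expiry = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S") + BAN_PERIOD
        if expiry > bans.get(str(addr), datetime.min):
            bans[str(addr)] = expiry
    return bans

def active_bans(bans, now):
    """Drop clients whose time in the sin bin has run out."""
    return {ip: exp for ip, exp in bans.items() if exp > now}

def access_table(bans, now):
    """Render Postfix access(5) lines: '<client ip> REJECT <text>'."""
    rows = sorted(active_bans(bans, now).items())
    return "".join(f"{ip}\tREJECT sin bin until {exp:%Y-%m-%d %H:%M}\n"
                   for ip, exp in rows)

if __name__ == "__main__":
    print(access_table(build_bans(SAMPLE_EVENTS), datetime(2008, 6, 13, 10, 30)), end="")
```

The rendered text is in the format of a Postfix access table, which would be compiled with `postmap` and consulted through a `check_client_access` restriction. Regenerating it on a schedule is what lets expired entries drop out without manual cleanup.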

I was so busy with the technicalities that I didn't bother checking further about Robert Kuntz and BJ Bishop. At the time I had thought it might be an early Friday the 13th type jape, which spammers seem to think is so amusing.

It turns out this was the work of a nest of very bold spammers. The domain which they were promoting, cashblasterpro.com, makes little attempt to hide itself or their operations or their phony, scamming, scummy intent. Their sites (and affiliated sites) are chock full of the most blatant, outrageous bullshit, sprinkled with technical jargon, that I have encountered this year. I won't even dignify the load of bollocks on their sites further by commenting on it. If you are curious go and visit them. Just be careful if you are a low-level Microsoftie using IE. These guys are just the type to deploy rat-cunning malware dirty tricks against unwary visitors. It would be a lot safer to go to scam.com and read the thread about Robert (if that is his actual name) and his activities.

Cashblasterpro.com is registered by our old friends TUCOWS Inc, as are the domains robertkuntz.com and bjbishop.com.

Robert Kuntz (if that really is his name) is listed as the administrative contact for the cashblasterpro.com domain. The details are as follows:

	Robert Kuntz
	1560 NW 128th DR #108
	Sunrise, FL 33323 US

BJ Bishop, if that really is his name, is listed as the administrative contact for bjbishop.com, also at the same Florida address:

	Bishop, BJ
	1560 NW 128th DR #108
	Sunrise, FL 33323 US

Laura Lynch (if that is a real person) is also mentioned as someone who helped design these sites. Seems she works at the same address.

Another domain registered at this address is web2upgrade.com. Both web2upgrade.com and cashblasterpro.com use the same primary and secondary nameservers (ns11.cashblasterpro.com and ns12.cashblasterpro.com). Robertkuntz.com and bjbishop.com use the nameservers ns1.web2dashboard.com and ns2.web2dashboard.com.

Web2dashboard.com is another domain administered by our old mate Robert Kuntz, and operating from the same Florida address. It must be one busy little place there in Florida, operating all of those domains.

These sites appear to use a San Francisco company, 123cheapdomains.com, as their ISP. All of them are registered by TUCOWS Inc.

That busy little location in Florida appears to be a genuine address in Fort Lauderdale. Or at least Google Earth will take me there. It looks as if there is a block of offices close by. I cannot tell if there is an actual sign saying "Cashblasterpro.com", since Google Earth will not show me a street view. But the aerial view shows only a few car parking spots out the back. I don't know how all those people, Robert, BJ and their helper Laura and their staff and all the staff for web2upgrade.com and web2dashboard.com, robertkuntz.com, bjbishop.com, etc all fit in that small space ... Especially if some of them drive to work!

It seems that Robert (if that is his real name) started out with the email address of stilladreamr@yahoo.com, which he has used as the Administrative contact for many of his domains.

It also seems at one stage, stilladreamr had an eBay account. However the account was suspended for non-compliance. He may have had an interest in motorcycles.

There is also a veritable splodge of sploggers (if I can coin a collective noun), creating bogus entries in various blogs about what a great new technology Robert and his spammer buddies have discovered and how they are going to make you rich, if you just give them your personal details. When I googled for Robert Kuntz (how do you pronounce that?) I found ample evidence of splogging.

The scam is a type of pyramid scheme, that these days is often referred to as Multi-Level Marketing (MLM). It probably also includes harvesting email addresses, credit card numbers and personal information. In the past they may have been involved with the mortgage spammers, who always had a strong presence in Florida. The mortgage spammers seemed to have connections with organised crime as well as the more shady side of the finance sector. However that is speculation on my part. To date I have not found concrete evidence for the mortgage connection. However, Florida has been a haven for mortgage spammers in the past. I imagine that the perpetrator is a small time fraudster with aspirations to make it to the big-time.

Now, you might consider me incredulous, but, I do make a living out of being a sceptic. And I couldn't help noticing that the names Robert Kuntz, BJ Bishop and Laura Lynch already have entries in Wikipedia, for different (and legitimate) activities. Which is why I suspect that these names are phony. Of course that doesn't mean the sites cannot be shut down. We know the IP addresses. We know who registered them. They can be taken down in a couple of milliseconds. We just don't know their real names and addresses.

Of course I could just be a mistrustful sceptic and there really are three conscientious little Florida citizens, Robert, BJ and little Laura, all of them working their little buns off just trying to get a sizable piece of the American dream before they retire early (with other people's money).

But on the other hand it would be possible to shut them down. If someone accused them of being affiliated with a weird Islamist group, they'd be off air in less time than it would take to type "Google" into "Google".

Last century, before the lawyers, scam-artists and spammers made such a big move on the Internet, a domain like cashblasterpro.com would have been taken down within a couple of hours. These days it will probably take weeks or months to shut these scam-artists down.

Of course the netblocks from which the spam originated have now changed hands.

This does not do a lot to promote confidence in the Internet or the US authorities' ability to enforce the law. It does foster Florida's inglorious reputation as the spam capital of the world and TUCOWS Inc as the spammers' preferred Registrar.

If anything it illustrates how ineffective and ineffectual US anti-spam laws are, when a crew like this can openly and persistently flout not only those laws but several other laws regarding fraud, identity theft etc.


Update: Since this post was written some other information has come to light. It seems that the name Robert Kuntz may be genuine. You can read more here.



Copyright     2008, Gerry Patterson. All Rights Reserved.