The Hunt for SpyAxe |
? | ? |
I've been having discussions for the past few days with a number of readers about SpyAxe. A couple of good points have come up.
First, the delivery mechanism SpyAxe uses, trojan horses, is probably illegal in most countries.
Second, the only place we know of to report them to is the Federal Trade Commission.
Third, it is doubtful if they can do anything about it. Why? Well, judging from the poorly written English on the SpyAxe website, they are likely based in some country where they can't be touched by the law. Their website claims they are based out of New Zealand, while their WHOIS entry indicates a Seattle, Washington address.
So where do these guys operate from? Hard to say ... a search of the US patent and trademark databases turns up nothing. But their website is hosted by a company called "NetCat Hosting" (www.netcasthost.com). The homepage is written in Russian, and a reverse IP lookup puts it in the Ukraine. However, WHOIS indicates that NetCat Hosting is based out of Sydney, Australia. The domain was registered at EstHost, a service provider known for hosting many CoolWebSearch sites.
So, the makers of SpyAxe may be based out of one of the following locations:
1. Seattle, Washington
2. New Zealand
3. Russia
4. Sydney, Australia
A search for Mr. David Alant out of Seattle turns up nothing. This is to be expected, as the 187th ave street address in WHOIS is not actually in Seattle. However, reverse directory on his phone number (206-954-3154) turns up David Ackerson, just a few zip codes away. Now we're getting somewhere! Mr. Ackerson is a coach for the Seattle Youth Soccer Association, and is/was an executive from a company that does have some kind of technical focus. It appears he was a donor to Shoreline Public Schools foundation in Seattle. Some more searching indicates possible (not confirmed) connections with WRQ, an IT security company, or NextLink (CEO of the same name). It is very unlikely that David Ackerson is the person behind SpyAxe.
Have any other leads? Email them to us at .
Updates:
1. The domain NOSPYWARESOFT.COM resolves to spyaxe.com. It is registered to:
Keramitsu LLC
David Alan Taylor (tailor.david - AT - gmail - DOT - com)
321th Melburn Street
Seattle
Washington,98107
US
Tel. +207.9545521
Note the two spellings of the last name, and also note "Melburn street", which may perhaps be a reference to the Australian city.
Keramitsu, LLC does not appear to be an existing LLC, or at the very least, does not have a web presence. "Keramitsu" literally means "three bugs" in Japanese. We can speculate that this may refer to three security holes being exploited by the software (Thanks to Jim Canter for the translation).
The phone # is not in service.
2. David Taylor is the name of a senior information security specialist at the University of Pennsylvania. David was investigating a worm that had infected the University's computers. This worm would log into an IRC channel, where it could download spyware to infect the host computer. Mr. Taylor logged in and found Diabl0 aka Farid Essebar, the author of the worm. He proceeded to have a discussion in which Diabl0 indicated that the worm (Mytob) installed toolbars and lowered the security settings of Internet Explorer, thus allowing more ads to be delivered to end users. Diabl0 was anonymously collecting money on the other side for these advertisements.
This strikes up an interesting possibility - Diabl0 is at it again, this time with new trojans (Zlob and ZToolbar).
Other searches indicate that Diabl0 may be based out of Morocco. Further speculation (without any verifaible facts behind it, but interesting nonetheless) states that this scam may be funding Al Qaeda or other terrorist groups.
Diabl0 was arrested in February, so he's not behind it. However, he did sell the source code to others and new variants of Zotob have been discovered since his arrest. Most likely, the creators are associated with his hacking group, 0x90-Team.
3. Other domain names related to SpyAxe include: nospywaresoft.com, almanah.biz, spyaxe.net, and spyaxesupport.com.
Adware Report | Site Map | spyware reviews | Recommended Books...