Thursday, December 20, 2007

Tangled web of Herbal King/Elite Herbal, Genbucks, _________ (*) etc.

I have been looking even more into the connection between Herbal King/Elite Herbal, Genbucks, __________ (*) and Shane Atkinson and what a tangled web, I don't think I have discovered everything and still I don't know where to start and stop.

Maybe it's a good idea to start with listing what is already known and reported in my past posts about the Herbal King/Elite Herbal spammings

  • 8-9 months ago I found out that the validation in order forms of Herbal King/Elite Herbal sites was poor and I was able to inject a little piece of code that sent a request back to one of my servers when orders was read. I then discovered that the orders was read by a few different IP-addresses one belonging to ____________ (*) in India and one being a DSL connection from the provider IHug in New Zealand. I send complaints/questions to both companies but didn't get any further, actually from _______ (*) I never received a response despite numerous emails + faxes

  • 3 weeks ago I was contacted by BBC who was doing a radio programme about spam and they had choosen Herbal King/Elite Herbal spam as their subject as they was also very tired themselves of the numerous spam mails from these spammers. They wanted to dig further into the connection to ___________ (*) and New Zealand that I found. BBC ordered some products from the Herbal King/Elite Herbal sites and received email verification that the products would be shipped from Ukraine or India (Two locations where __________ (*) is represented). BBC found out that the payment was done through ServePay.com, and looking at the WHOIS information for this site led them to Genbucks. BBC called Genbucks and the responding employee more or less admitted to being an department of ___________ (*) and also that the Herbal King/Elite Herbal sites was theirs. BBC also used the New Zealand link and IHug (owned by Vodafone) to get the name of Shane Atkinson, known for spamming years back but supposed to have left this "business". Shane denied allegations when contacted by BBC.

  • After the BBC radio programme was broadcasted the New Zealand authorities chose to raid properties in Christchurch, New Zealand. The New Zealand authorities was already investigating these people and was afraid they would be alerted by the attention drawn to them by the radio programme.

So far so good. Next question is how tight is the connection really between the Herbal King/Elite Herbal spammings, Genbucks, ___________ (*) and Shane Atkinson.

What led me from Herbal King/Elite Herbal and to _________ (*) was the little piece of code showing that __________ (*) was reading orders exactly as I typed them in at the order page of Herbal King/Elite Herbal sites. This just shows some kind of connection, but not really how tight. It could be a single ____________ (*) employee helping a spammer without the knowledge of the corporation, it could be that _________ (*) was supplying an interface for customers to automatically submit orders and therefore didn't know anything about the products was being sold etc. So __________ (*) could have given me a well made up explanation like that and I would probably have believed them . Ignoring my complaints just made me more curious.

What led BBC from Herbal King/Elite Herbal and to Genbucks was the ServePay.com service on their bank statement. When looking at WHOIS information for this domain you could see the email address support@genbucks.org. I say "could" because the day after the BBC radio programme was broadcasted the WHOIS information on ServePay.com was changed so it now looks like this



So it seems like they have chosen a WHOIS protection service but I never heard of this one before and then I discovered that the address shown for this WHOIS protection service is the same address as shown for Genbucks themselves



And when looking at the WHOIS information for safe-whois.com this actually pointed me directly back to Genbucks too... so not very succesfull attempt to hide that ServePay.com is owned by Genbucks.

So Genbucks is also pretending to be a WHOIS protection service besides being a payment gateway. Actually I have found out that Genbucks is behind a lot of different sites not only related to their herbal products, many different payment processing sites (servepay.com, custpay.com, ezbill.biz, nzbill.com), E-trading bureau approving their own sites, PageRanking services ranking their own sites highly, Pillranking sites ranking only their own products and all with good reviews etc. Unethical marketing if you ask me but again I'm only after the spamming...

Last week when trying to track down further evidence of the connection between _________ (*) and Genbucks I came across a web design portfolio of a Canadian web designer at http://www.x-jhed.net/portfolio.php which showed that he had actually created design for both Genbucks.com and __________ (*). Luckily I have a screenshort of how it looked like a week ago

_____IMAGE______ (*)

Notice the second + fourth reference in the fourth row, that is Genbucks + ________ (*). If you go to the site today then the Genbucks reference have been removed. Is that just a coincidence? I have send en email to the owner of the site but have received no answer yet. But actually some of the other references is for Genbucks related sites too.

To see if I could find further indications of the relationship between __________ (*) and Genbucks I got access to the incorporation documents and other public documents for ____________ (*) (Fee of 50 Indian Rupees ~ 1.2 US Dollars in fee to Indian Government... what a bargain). I could see that after one of the directors resigned earlier this year there is now two owners/directores of __________ (*) back, __________ (*) and ___________ (*). Also one of the readers of this blog sent me a comment about GenPharma International also being related to __________ (*) so I checked their incorporation documents too and correct two of the owners of GenPharma International is ____________ (*) and _____________ (*).

This is interesting because I searched a little in the historic WHOIS information (thanks to domaintools.com) of some of the Genbucks domains and discovered that back in 2005 the genbucks.org domain had a ___________ (*) registered as the owner of the domain with the same address in India that _____________ (*) used in the incorporation documents for GenPharma International. Now adays they have the Genbucks "WHOIS Protection Sevice" listed instead on the genbucks.org domain.

It should also be mentioned than even though Genbucks show an address in the republic of mauritius on their homepage then it's public known (they have confirmed so in the Genbucks forums) that they are based in India.

But back to the name _____________ (*), because it actually turns up ones again (nicely spotted by Susan from Spamhaus) and this time we are really talking something extremely interesting, a Genbucks affiliate blogging about Genbucks. See his Genbucks blog and notice the third section



The blogging affiliate has been so lucky to meet the owners of Genbucks and have even been taking a nice picture. And the name of the Genbucks owners are Shane and _______ (*)! Based on the image on this site www.clueby4.com I think there is no doubt that Genbucks owner Shane is actually Shane Atkinson and my guess is that the other Genbucks owner ________ (*) is actually __________ (*) which as mentioned is also one of the owners/directors of ___________ (*) and GenPharma International. It seems like the connection between Herbal King/Elite Herbal, Genbucks, __________ (*) and Shane Atkinson is even tighter than first expected.

But the tangled web is even bigger. I mentioned the E-Trade Bureau (etradebureau.com) site that Genbucks owns and which approves Genbucks own sites. There was one of the sites listed that at first didn't seem directly related to Genbucks but it still caught my attention because it was a dating site in New Zealand, webdate.co.nz. When I went into the dating site I found a banner at the bottom advertising 'SpermoMax' which is a Genbucks product but noticed than instead of the normal spermomax.com site this banner linked to spermomax.co.nz (a domain also owned by Genbucks) and I noticed that it used a payment processing site called nzbill.com which was also different from the other site. I searched WHOIS information for nzbill.com with the expectation to find Genbucks once again listed as owners but I got a surprise



It's not Genbucks listed as owner, but a company called Etech Media in Christchurch, New Zealand, the city where spammers were raided by New Zealand authorities few days ago. The company can be found on etechmedia.net. When looking at the contact page on the site I saw the contact email and instantly I had that feeling that I had seen the name 'jas' before



And correct. If you go back to the image of Shane and __________ (*) you also see a person named Jas and refered to as Affiliate Manager at Genbucks.... again one of those "coincidences" and the next one was only a click away when I looked at the portfolio for Etech Media



All 6 websites listed there are sites belonging to Genbucks and another funny little thing is that at least two of the sites (scibody.com + le-nile.com) is also listed in the portfolio of the Canadian web designer I mentioned earlier. Maybe he did graphical design and Etech Media did backend programming...

Scibody.com is actually a site belonging to Genbucks that sells MP3 Players. As can be seen from the news bulletin from ___________ (*), then ___________ (*) is actually involved in business with the same range of MP3 Players

___IMAGE_____ (*)

My guess is that when New Zealand news sources says that "Two christchurch businessmen was interviewed during the raid" it could very likely be businessmen with a business name of Etech Media, but it's only a guess.

There is probably more relations to be found If I look in all the corners but I think by now there should be no doubt that there is a tight connection between Herbal King/Elite Herbal sites, Genbucks, __________ (*) and Shane Atkinson.

What we can only wait for now is for the New Zealand authorities to find out exactly how many people was involved in or knew about the heavy spamming done to advertise the Herbal King/Elite Herbal sites, and that is my main interest, because in all this untangling of different companies, sites etc. it's important to remember that being owner of different companies is not illegal or necessarily a sign of cover-up, it's actually very common. It's also worth remembering that probably most of the Genbucks affiliates are using legal methods to advertise the products, I think some of Genbucks "marketing practices" with E-Trading bureau that approves their own sites, Pillranking sites that make review of their own pills etc. are unethical but probably not illegal, and personally I doubt (without any evidence) that their pills actually have much effect, except maybe psychological, but the fact is that all in all then if it wasn't for the spamming it would probably be a legit corporation and affiliate programme.

(*) Reference to entity has been temporarily removed due to temporary injunction placed on the blog and the author of this blog in the case CS (OS) 218/2008 under process in Delhi High Court. Further information about the injunction (order) can be found here:
http://courtnic.nic.in/dhcorder/dhcqrydisp_o.asp?pn=20089&yr=2008

Wednesday, December 19, 2007

Herbal King/Elite Herbal: Spammers raided in Christchurch, New Zealand

I thought I had made my last post before christmas but things are moving fast now regarding the Herbal King/Elite Herbal spammer

First BBC was also running a news article regarding their investigation http://news.bbc.co.uk/2/hi/uk_news/magazine/7140449.stm

And now different New Zealand news sources report about a raid on 4 properties in Christchurch, New Zealand where 22 computers and boxes with documents was seized and I believe the raid to be against Shane Atkinsion and friends, the alleged Herbal King/Elite Herbal spammer. According to the news sources the New Zealand authorities was already investigating these spammers but had to move quickly now because the BBC investigation alerted the spammers.

Scoop: Anti-spam raid in Christchurch
New Zealand Herald: Spammers targeted in Internal Affairs raids
Stuff: Suspected spammers raided in Chch

Let us hope the spammers was too stupid to be alerted so the New Zealand authorities finds lot of interesting information in the seized computers and documents, especially it's interesting to see if they find any evidence that shows that Genbucks / ________ (*) was surely aware of how their products was being advertised.

(*) Reference to entity has been temporarily removed due to temporary injunction placed on the blog and the author of this blog in the case CS (OS) 218/2008 under process in Delhi High Court. Further information about the injunction (order) can be found here:
http://courtnic.nic.in/dhcorder/dhcqrydisp_o.asp?pn=20089&yr=2008

Monday, December 17, 2007

Lawsuit against me by _________ (*)

In my last two posts I have been telling about the BBC investigation that among other things have verified the connection between the Herbal King/Elite Herbal spammer and ____________ (*).

What wasn't mentioned in the radio programme is that BBC also send questions to an authorised representative from __________ (*) in which BBC mentioned me however not by name but just as a "Danish IT Professional". The authorised representative from __________(*) however responded by telling BBC that they belived that the "Danish IT Professional" mentioned was me (identified by name) and that they have filed a lawsuit against me at Delhi High Court for harassment and would therefore not make any comments about the case. BBC of course as part of their research asked me for a comment about this lawsuit which was how I heard of it for the first time.

Well if __________ (*) can't then atleast I can make some comments about this "lawsuit"

1) I have never heard of this lawsuit before now. I have never been contacted by any lawyers or by the Danish/Indian police regarding this matter

2) They claim that I have been harassing them. Yes I have send numerous email/faxes to ___________(*) with complaints and questions but I'm sure this can not be defined as harassment. Not once have they responded to my complaints/questions or asked me to stop sending them email/faxes. Weird way to react to file a lawsuit before even once trying to stop the "harassment" by responding to one of my email/faxes.

3) They claim I have been threatening them. Well if telling them that I would hand over information to Indian Newspapers, regarding their connection with a well known spammer, in case they don't answer my questions is threatening then I'm guilty but I'm not exactly loosing my sleep over that.

4) They claim I have made false statements about their company. From my point of view I have just told exactly what I have discovered, I have never told that __________ (*) is directly behind the spamming but been open to different other explanations. I have given _________ (*) numerous possibilites to answer the "allegations" I have made against them and not once havde they chosen to do this or asked me to stop blogging about their connection to the Herbal King/Elite Herbal spammer.

I have now been writing to __________(*) again to hear more about this lawsuit, but it will not surprise me if they just keep ignoring me. Well if there really is a pending lawsuit then sooner or later they (or their lawyer) will have to start communicating, not just ignoring me....

(*) Reference to entity has been temporarily removed due to temporary injunction placed on the blog and the author of this blog in the case CS (OS) 218/2008 under process in Delhi High Court. Further information about the injunction (order) can be found here:
http://courtnic.nic.in/dhcorder/dhcqrydisp_o.asp?pn=20089&yr=2008

Friday, December 14, 2007

The Investigation: Herbal King/Elite Herbal, _________ (*), Genbucks, Shane Atkinson (Follow up)

In my last post I was mentioning a BBC radio programme broadcasted less than 12 hours ago, and those of you have already been listening know why. Otherwise you can listen to the programme on BBC Radio 4: The Investigation

As you can hear in the programme then BBC did an interview with me and was using my research regarding a connection between Herbal King/Elite Herbal, ___________ (*) and Ihug (DSL Provider in New Zealand) in their investigation and did end up with some interesting conclusions.

When BBC ordered some products from a spamvertised Elite Herbal site and afterwards tracked the money through the Bank they ended up with the name of the payment provider servepay.com. As mentioned in the radio programme then servepay.com is a domain registered by Genbucks in India (Genbucks is an affiliate programme that claims not to accept spamming affiliates). Simon Cox from BBC then called Genbucks and used my research about the connection to __________ (*) to ask, what I will define as a trick question, because he asked the Genbucks employee who responded the phone "if it was ___________ (*) he had called". As you can hear in the radio programme then the employee did admit that genbucks is an "department" of __________ (*) and that Elite Herbal is one of many sites marketing the products that Genbucks/___________ (*) sells.

So what can we make of this research

1) BBC used another approach than mine to track down who is actually receiving the orders on Herbal King/Elite Herbal sites but we both ended up with the same result which is ________________ (*), the BBC research showed that this is done through the affiliate programme Genbucks which is either controlled by ____________ (*) or very closely related to them.

2) A Genbucks (_________(*)) employee did admit that the Elite Herbal site is one of their many sites, even though it's difficult to conclude if that employee really understood that what he was admitting is to know about a site heavily involved with spamming and advertising Genbucks (____________(*)) products.

As you might remember then the connection between Herbal King/Elite Herbal and __________ (*) was not the only connection I found when doing my research, I also found a connection to New Zealand, more precisely a DSL provider called IHug. In the radio programme you hear Simon Cox from BBC mentioning Vodafone, which is probably because Vodafone is well known in the UK, but the fact is that Vodafone has bought IHug, New Zealand, so what he is actually talking about is the IHug, New Zealand connection I found. It's not mentioned directly how they got the information (if IHug provided the information), but BBC has somehow used my information and tracked down the spam to be sent by Shane Atkinson in New Zealand.

Shane Atkinson (and his brother Lance who lives in Australia) has been involved in spamming before and been under investigation by FTC (Federal Trade Commission). As it can be read in the Wikipedia description about Shane Atkinson then he should have left the spamming industry some years ago, but this research from BBC shows differently, apparently he is still active and the "Herbal King/Elite herbal spammer". Shane denies these allegations but the matter is now dealt with by the New Zealand authorities.

So to summarize a long story; This have been a great day for my little blog thanks to BBC, and I hope this is the first step in order to stop the Herbal King/Elite Herbal spam from ending up in not only mine, but also your inboxes.

(*) Reference to entity has been temporarily removed due to temporary injuction placed on the blog and the author of this blog in the case CS (OS) 218/2008 under process in Delhi High Court. Further information about the injuction (order) can be found here:
http://courtnic.nic.in/dhcorder/dhcqrydisp_o.asp?pn=20089&yr=2008

Thursday, December 13, 2007

The investigation of Herbal King/Elite Herbal, _________ (*) etc.

This evening at 20.00 (UTC) BBC Radio 4 broadcasts a radio programme called "The Investigation" in which BBC investigates different current affairs and this evening the programme is about spam - BBC Radio 4: The Investigation: 13 December 2007

But not just any spam but my old time "friends" Herbal King/Elite Herbal (Now adays also known as Express Herbals) and ____________ (*) who I have been blogging about for some time. I don't know exactly what information will be revealed in the radio show, so I'm looking forward to listening myself, but I have been sharing information with BBC and I know they have been able to dig deeper and follow up on the connection I also found between Herbal King/Elite Herbal and __________ (*), I know they have managed to get some comments from __________ (*), I know they found connection to other organizations.... and then I have discovered that _________ (*) is not big fans of my blog here, I wonder why :-)

I will be following up with more information after having listened to the radio programme myself.

*) Reference to entity has been temporarily removed due to temporary injuction placed on the blog and the author of this blog in the case CS (OS) 218/2008 under process in Delhi High Court. Further information about the injuction (order) can be found here:
http://courtnic.nic.in/dhcorder/dhcqrydisp_o.asp?pn=20089&yr=2008

Thursday, December 6, 2007

Busy busy busy but still kicking... and was I fooled by eBullz?

I'm extremely busy at the moment and sorry to say not with fighting the spam in my inbox. My funny little spare time activity here is suffering from the fact that I don't have much spare time but need to focus on the part of my business that will hopefully earn me some money.

But anyway I'm sure christmas will not be celebrated without at least one very interesting update regarding one of the spammers I have been "playing" alot with... so stayed tuned for that one.

Besides that then another case that I haven't done more about has popped up again, leaving me with the big question of whether I was fooled by eBullz or not...

Back in July I found a connection between ED Pill Store and a company called eBullz which run different sites, eHealthyLife.com, eHoodiaLife.com, bullzbuck.com etc. I found some small things that seemed a little weird, like for example a Xavier Ratelle (on spamhaus ROKSO list) working for the company that helped develop these sites but after talking with the owner (Abby) of eBullz I was convinced that HoodiaPlus (that ED Pill Store is involved advertising through spamming) was just a knock off of HoodiaLife sold by eHealthyLife.com, that Xavier Ratelle was not involved and actually not even known by the owner and I did find no proves that eBullz was involved in spamming.

For the entire story read these posts:

ED Pill Store: The hoodia certificate (Part 1)
ED Pill Store: The hoodia certificate (Part 2)
ED Pill Store: Follow up on eBullz (victim)

But now I have discovered that FTC has started a case that involves eHealthyLife.com and eHoodiaLife.com, a case that also mentions HoodiaPlus (the name used by ED Pill Store) and where Xavier Ratelle is one of defendants. Lawsuit is regarding both misleading advertising (false product claims) and spamming. Besides Xavier Rattelle the defendants is two persons from Spears Systems inc, a company that I have never heard about before.

Documents regarding the lawsuit can be found on www.spamsuite.com

The sites eHealthyLife.com, eHoodiaLife.com has been taking offline based on restraining order and eBullz.com and Bullzbuck.com seems to have been taking offline too, don't know if this is related to the lawsuit or not.

I actually send an email to Abby from eBullz who was so kind to answer my questions last time and to my surprise she was just as fast and kind to answer me again this time, when I asked for a comment regarding the lawsuit. But I must admit that the answer just left me confused on a higher level.

In short she told me that yes there is a temporary restraining order on the herbal products they have been selling based on misleading advertising, but that they are about to settle this matter with FTC. For the spamming part she tells that FTC have to go after Xavier Ratelle, because she still know nothing about him, even though it in the FTC documents is stated that he is doing business on eHealthyLife.com, and she tells that the spamvertised HoodiaPlus products must be something that Xavier Ratelle knows about.

I have many wild guesses, from that I'm being fooled by Abbys (eBullz) kindness and willingness to answer my questions to that Xavier Ratelle maybe stole business idea, webpage code etc. from eBullz when being contracted to help them with developing eHealthyLife.com and afterwards used this, maybe with help from Russian spammers, to make a business for himself. Only thing I'm sure of is that it will be interesting to follow the progress on the case, to see if any of my theories are correct.