Recently I have had a new email address created at nzart.org.nz
This address was published in an E newsletter and harvested.
The newsletter is published on the web in html format as well as sent out to members.
I have been in contact with one of the victims, survey.co.nz, to offer him some advice.
His domain is not being used but that did not stop spammy from using it to add some creditability to the phish attempt. The poor guy got a number of phone calls from people that received the spam as well as other problems.
I have long suspected that the registrar of survey.co.nz is an associate of Shane Atkinson and co and or Joe Dunning. I think privacy protect has something to do with this as well. As some would know privacy protect used a PO Box provider in NZ. All my tracking of this type of phishing over the years has yielded many dead ends and much of the anecdotal I had has been not recorded. kiwiphil.com is one lead that is still valid.
I have placed all the evidence that I have on my web server in a protected directory.
Anyone that has in this type of spam is welcome to take a look. The victim, Zane has tracked Joe Dunning to an address in Christchurch NZ and he will be sending me this info as soon as he can... His registrar has removed his DNS entry which I think is par for the course as previously stated maybe in league with spammy.
If anyone is able to assist with information please email me off list.
https://www.bencom.co.nz/zl-anti-spam/Login: ibr
Pass: ibr123rbi
Please forgive the bad ssl cert.
There is only one dir with the evidence.
The spam source has been identified as the Send Safe bot net which as you all know is the bot net Shane (Ex Mike Van Essen) and his spam gang use.
I have also included evidence from 2004 as I have a hunch the two are very related. In 2004 I was being attacked by the gang and eventually I tracked the source of these attacks to Dean Westbury after he made several extortion threats and a phone call. Dean used to send me very fresh virus files (Sobig and others associated with send safe) that were not detected by up to date scanners. There is a link between Dean and Joe (Joseph Dunning) in that they both have married Philippine women and as such I am told Joe visits the Philippines.
Any help whatsoever would be much appreciated as I have been on the issue on and off since 2003 when I got the first kiwi bank phish bounces. Note the dates... I lost the 2003 bounces somewhere in my archive but on Christmas day 2003 & 2004 the same type of attack was made by the scammers... I believe this was my Christmas message from the gang after I outed Shane earlier in 2003. In between the two lots of bounce messages I saw no bank phishing activity at all but after December 2004 the gang attacked NZ banks in earnest and have not stopped since. As you see when you view the spam there is a NZ source that allows the gang inside knowledge to NZ conditions and companies like survey.co.nz to target NZ'ers.
Be assured that if you access my web server your IP address/identity will never be released. If you need to use a proxy use the non SSL version of the URL but beware many proxy IP addresses are blocked at my firewall.
I will remove access to my server (IBR login) on Monday our time. Anyone who wants ongoing access to the ongoing investigation will need to email me for a personal login name.
I have reenabled resources to take up the gauntlet of spam fighting again and am running my own mail server again. From logs the same email addresses that the gang attacked in the past are still being attacked today despite the mail boxes being closed for some years.
TIA and best regards.
Peter Bennett aka Anony Mouse
Bencom Ltd
Posted: Thu Aug 19, 2010 7:18 pm 
