Bringing Down a Copycat Site

On December 24, I discovered a site that was frequently selling our software.  Here is a summary of how we forced them to remove it.


Dec. 24, 2004:  I received an e-mail from a former colleague in the shareware industry saying he had received an e-mail from a company selling our MailList King software and was surprised to hear we had sold it?

I replied that I was surprised as he was, given that we had certainly not sold it.

He pointed me to the site www.****online.com (in order not to promote the site in any way I won't reveal the URL or other details of the company, e-mail me if you are interested in the specifics) that was offering our software.

The FRAUDULENT site was as follows:

 

As you can see their lead product was our very own MailList King (Note: MailiList King is mailing list management software, NOT spamming software), and they were using our logos for EZ-Pix and Amaze to promote other mail software.  In fact, the page very much resembled our own home page and even using the same heading text, "Developers of the following leading software."

The domain name seemed familiar and I searched our e-mail archive to reveal a hit.  A purchase had been made for MailList King only a few weeks earlier by a "Freddy C*****, London, UK" but had used a Hotmail address and looked rather suspicious, so we requested a non-freemail address to send the registration details to.  They had replied saying that we could send it to admin@****online.com and the transaction was fulfilled.

Faced with this information I was rather taken aback, here was a company that was purporting to have developed our software, was actively promoting it via e-mail, and presumably selling it using the registration details that we had supplied in response to what now appeared to be a fraudulent order.  Also users searching by the name of our software using the search engines might inadvertently end up on this site and purchase a fake copy.

I suddenly felt rather ill; that feeling that comes on when something that you have invested a great deal of time and effort on appears to be slipping away from you.

My first step in my plan to bring down the site was to discover the owner of the domain.  Using Whois , I determined that it had been registered to "Astrid K***, Verona, Italy" and the e-mail address was the same Hotmail one that had been used for the fake order.

I composed a few different e-mails varying between the polite ("Oops, you appear to have mistakenly claimed that the software I spent years writing is your own") to the downright threatening, and in the end settled on the standard "or else" approach:

Astrid,

Your site is reproducing our company's logos and product names without permission and you are fraudulently claiming that you develop and resell our software. You have 24 hours to take remove the offending items from your web site before we commence legal action.

Regards

Nigel Cross
Xequte Software
nigel@xequte.com
www.xequte.com

 

He responded within hours with the following defiant and downright illegal retort:

Hello,

How are you :)
what legal action u would take to remove it
it my home based hosting server ,Iam sure it would take you couple of k to come here
anyway I would remove it if you pay me or trade with me credit cards
other wise forget it
Iam doing great business
have anice day
hmm one more thing show me your registerd copy if u think that images are right reserved to you

 

Pay extortion to a con-man?  Never!  I would rather give my software away, and have him deal with all the complaints that he was charging for a free product.

The domain record for the site revealed two other possibilities, the URL had been supplied by networksolutions.com and the DNS server pointed to the web hosting company, Pak***.net.

I also looked at the header of the message and saw that it had been sent from the IP address 203.81.***.199, which I traced using a TraceIP service to a small ISP in Pakistan.

So now we had three countries and at least two names all pointing to the one e-mail address , it looked like I was dealing with a major fraudster.

I immediately forwarded his message to networksolutions.com customer service and the abuse e-mail address for Pak***.net, asking both of them to take down the user's site.

 

NetworkSolutions.com responded first with the following:

Dear Nigel Cross,

On November 1, 1999, a three-judge panel of the U.S. Court of Appeals for the Ninth-Circuit ruled that Network Solutions has no responsibility or duty to police the rights of trademark owners concerning domain names.

If the domain owner in question is conducting criminal activity we would ask you to defer to either the police or the proper authorities.

Thank you for choosing Network Solutions.

Sincerely,

Maria019
Network Solutions Customer Support

 

Which was frustrating, but rather understandable.  It would be a major task for a registration company if they needed to investigate the legality of a web site every time someone claimed a copyright infringement. 

So I thought I'd try a different tack.  Clearly our fraudster was located in Pakistan, while the registrant (payee) was located in Italy, presumably because a stolen credit card had been used:

Hi Maria019

That might be true, but I think if you check your records you will find it odd that someone who lives in Pakistan provided the credit card details of someone living in Italy to pay for their domain.

 

Regards

Nigel Cross
Xequte Software
nigel@xequte.com
www.xequte.com

 

But that proved to be a dead end with the friendly "Maria019" replying with the identical canned response as her first message (shortly after I received an automated e-mail from NetworkSolutions.com asking them to rate the customer service I received, boy was that ever an invitation for abuse).

 

I retired to bed for a restless night and awoke to find the following message from abuse@Pak***.net:

Hello Mr Nigel,

Why dont you mind your own business and dont bother us ok.Go and nock another door for help.Dont act as if your company is from microsoft.assholes

Admin

 

I hit a new low seeing my last avenue for assistance slip away.  But then oddly I found I had been copied on another message sent by abuse@Pak***.net to the customer:

Dear Customer,

We are in receipt of the below complaint for selling illegal copies of software and demanding customers credit card number for fraudulent transactions and/or asking for an extortion money as it is obvious from your below email to the complainant. This violates USA and international law and hence forth, Pak*** AUP policy. You agreed upon our AUP policy before you signed up:

http://www.Pak***.com/terms/

".... ILLEGAL ACTIVITIES : including but not limited to storing and/or distributing illegal copies of copyright software, hosting/maintaining inappropriate sites, violating trademarks and copyrights, violating US & International laws, selling and/or distributing illegal contraband."

Please take an immediate action in order to resolve the issue otherwise we might have to suspend your account with no refunds.

Should you need further assistance, please feel free to write us back.


Best regards,

Pak*** Abuse Dept.

 

So I went back to the first e-mail from abuse@Pak***.net and examined the message header.  Yup, it had been sent from the same IP address as our fraudster.  He was clever enough to change the reply address in his e-mail software, but too stupid to consider the message headers.

I waited to see what response the real message from Pak*** would draw.  While it could have sounded a little stronger (the "might" in the following line looked a little limp: "we might have to suspend your account") things were definitely looking up.

Soon after I received the following message from Pak***:

F.Y.I.

Regards,

Pak*** Web Services
http://www.Pak***.com

-----Original Message-----
From: simply **** [mailto:simply_****@hotmail.com]
Sent: Friday, December 24, 2004 9:50 PM
To: abuse@Pak***.com
Subject: Re: RE: Fraudulent use and resale of our software

Dear Sir,

yes sir I had some thing to say.
My Policy is to be with Pak*** for long term not for short term as I always prefer choosing hosting from Pak*** and recomend other as well.
Sir The software which Iam selling is legal I signed up from esellerate affilate program and the software was listed in their list if it was illegal they had removed the user by now.Iam also ask them that if its illegal then why its listed in esellerate for affilators program.if they claim that the software and image trade mark belong to them tell them why its listed in many software company affilators website and sir about fraud credit card.Its not that my website was  fully merchand but they complain and make my merchant cancelled this week by giving them just an email and without proof documets that its illegal.My site is advertised in major search engines I couldnt had left the order blank to show it unprofessional thats why just for temporarily I had given link.Thank you

your sincerely

Mohammed K***

 

I don't know if Pak*** believed his story, but I got the feeling that if they could avoid losing a customer they would.

(I wasn't sure what he meant by the merchant cancellation but guessed that a customer had twigged it was a sham and made a complaint).

I also simultaneously received two messages from the fraudster who was still talking tough. 

The first was the vague:

tsk tsk

I feel pity for you

Tsk Tsk

 

Followed by:

hi

how r u .Okey finally I decided to remove those shit software of yours because there are only 1,2 $ software.I had also decided to remove it from my other 5 online sites.You are surprise with only looking at one site what would happned if you look at all of them
anyway my terms and conditions are simple tell me who had made complain to you ,give me his email and fwd me his msg as well
I would completely remove all your software +one more thing I would also remove the crack which I had made and available at crack website,I mark my words I would remove ok on that condition.And on more thing stop that childish attitute of mailing the admin and complaining bla bla inter national  f*ck you laws and all that shits,I know now you had understood over network is not small
I had seen all your mails and that you said about credit card.lolz

Tsk Tsk

I feel pity for you

 

I wasn't sure if he was attempting to threaten me, convince me he was legit or was just having some mad tirade.

He was most certainly not a legitimate affiliate, we are very picky about accepting affiliates for MailList King and we had never even received an affiliate request from any of his names or addresses.

If he were a legitimate affiliate:

  • Why on his site did he claim to be the "Developer of the product"?
  • Why did he fraudulently purchase a copy of the software from our site using a London address
  • Why did he never try to advise us he was seeking affiliate status when we first contacted him?
  • Why was he using our logos for his other products?
  • Why did he try to extort us for money and/or credit card numbers?

I checked his site and nothing had changed.  He still hadn't removed our software or logos and was now trying to blackmail me to I reveal my source.  I can't imagine why, presumably for no other reason than to send an abusive e-mail in broken English.

I formulated the comments above in an e-mail to the Pak*** abuse department, but thinking better of it, I saved it to my e-mail drafts folder for possible sending later.

I had the feeling that the threat of having his site removed genuinely concerned him, so I sent him the following response:

Hi Mohammed

If you remove our software and logos from your site within the next 24 hours we will withdraw our complaint from your web hosting company.


Regards

Nigel Cross
Xequte Software
nigel@xequte.com
www.xequte.com

 

I waited about eighteen hours and still had no response, so I forwarded him his fake admin message with the following text:

Hi Mohammed

I don't think a reputable company like Pak*** would like to have you fraudulently misrepresenting their company in this manner.

It is clear from the header of the message that you sent the message.   I traced it back to 203.81.***.199/lhr63.***.net.pk.

I will need to advise them of this if I do not hear from you shortly.


Regards

Nigel Cross
Xequte Software
nigel@xequte.com
www.xequte.com

> Hello Mr Nigel,
>
> Why dont you mind your own business and dont bother us ok.Go and nock another door for help.Dont act as if your company is from microsoft.assholes
>
> Admin

 

Within minutes I received the following:

okey I had remove the logo and the software completely.

 

And with that single line I had won.  I checked his site and all references to our software were gone. 


 

Addendum

Shortly after posting this, it was listed on Slashdot and various other sites.  The reaction was overwhelming!  Many people contacted me with offers to help, including some in Pakistan.  They also flooded the fraudulent site's host provider with complaints and soon after his site was completely taken down. 


Return to the Xequte Home Page