Who's Behind The "Windows Update" Scam? PDF
This information is not organized too well. Just dropping it here as I dig it up. My apologies.
This is clearly garbage, so I thought I would set out to find out who is behind it. Here’s what I
have found - please supplement my findings with any of your own research. You can see a
recorded interaction with these individuals over on the Malwarebytes blog.
Domain: http://compfixo.com
IP address: 192.95.15.61
Facebook: https://www.facebook.com/Compfixo
Facebook: https://www.facebook.com/ceylontechnicalsupport
LinkedIn: www.linkedin.com/in/compfixo/
CompFixo has been endorsed by only one person on LinkedIn, Kunal
Deshmukh, allegedly of Prerana Technologies. Kunal Deshmukh was
endorsed by CompFixo on LinkedIn for "CRM".
This same type of scam is reported as coming from a company called Ceylon-Tech (Google
reports bad SSL certificate - Expired). When searching for this, I found a YouTube promo for
this company on an account belonging to Sourav Gupta. Sourav can be found on Twitter as
@SouravGupta. Sourav follows @CompFixo. Sourav is following several “Call Center Today”
accounts on Twitter.
Ceylon Tech has also apparently spammed the heck out of Pinterest, again as Sourav Gupta.
Sourav lists Adicent Consulting (http://www.adicentconsulting.com/) on his Twitter account, as
well as on his LinkedIn account. This domain is currently privately registered, and does not list
Sourav in a WHOIS search.
Logo Similarities
Sourav Gupta
Sourav is the common denominator in all of these data points. This name is often found
as the Admin or Technical Contact in WHOIS searches for various domains. It is also the name
used for setting up Facebook pages and Pinterest accounts.
Sourav Gupta (April 26, 1983) has a Facebook profile that references Ceylon-Tech, as well as
some other related entities. Sourav’s primary profile is under the name “Simar.Sourav”. Sourav
also has a Facebook Page dedicated to himself.
E-mail: rick.sourav@gmail.com
Skype: simar.sourav
MSN: simar.sourav
Gtalk: rick.sourav
Mobile: 1-408-770-5950
● Adicent Consulting
Founder · Pune, Maharashtra · Feb 4, 2012 to present
● Ceylon Infotech Pvt. Ltd.
Director Operations · Pune, Maharashtra · Feb 3, 2012 to present
● SGBS Corp
CEO & Founder · In 2007
On September 9, 2011 Sourav was seen on LinkedIn soliciting a call center to help sell Internet
service upgrades for a 20-40% discount. Sourav was also found to be requesting “premium
minutes for swiss mobile”.
Mail Online India reported on January 12, 2013 on a “Call Centre Fraudster” by the name of
Saurabh Gupta. This may be nothing more than a coincidence that somebody with a very
similar name was engaged in call-centre fraud.
Sourav has been seen representing “Simar World” (old ning site, simarworld.ning.com) and
“Simar International Inc”, asking for 500 individuals to make calls from home. The email used
was simarinternationalinc@gmail.com. Sourav also used sourav.gupta@simarinternational.com.
Sourav gives a bit of insight into how his marketing mind works, during a call for additional
companies/call-centers to work with him. New email is introduced: support.simar@gmail.com.
Kunal Deshmukh
Email: preranatechnologies@gmail.com
Phones: 0 982 341 3107, and 91 982 341 3107
Email: kunal.deshmukh@preranatechnologies.com
Email: kunal@preranatechnologies.com
Email: kddacraker@gmail.com
Skype: kddacraker
MSN: preranatechnologies@live.in
Mobile: +91 985 000 5522
Both phone numbers were provided in different messages. There is likely a typo among the two,
since they differ ever so slightly.
Kunal also operates under the name “kddacraker,” as seen in the older exchange above.
Additionally, this name is associated with his image, and Prerana Technologies. This name (or
nickname?) is familiar – it happens to be used in the DNS servers for CompFixo.
kddacraker.com is under private registration.
On some forums, “kddacraker” signs posts with a simple “kd,” which also happens to be Kunal
D’s initials. I suspect “KD The Cracker” is a nickname that Kunal has adopted online.
In 2009, Kunal revealed that his call center was trying to set up and use VICIdial, further allowing
them to dial multiple countries with ease.
In another old exchange, the kddacraker handle was used in a gmail address
(kddacraker@gmail.com) by “Vishidanand D,” also identified in the same thread as “Vishi1900”.
Kunal states that vishi1900@yahoo.com is his email address in another forum exchange. A
skype username of Vishi1900 comes up when searching hddacraker@gmail.com.
It could very well be that Kunal is nothing more than a gentleman providing a service to those
responsible for the Compfixo/Ceylon scams. He could be entirely innocent.
In 2006, it appears Kunal (kddacraker) had an interest in CAD. This guy is looking less involved
the more I dig. Would love to know if anybody finds evidence to suggest otherwise. Just
appears to be a guy who has been involved in technology most (if not all) of his professional
career; starting with CAD, moving to hosting services, and most recently call center technology.
Rick Carter
One report states that upon purchasing CompFixo’s services, they found that their money was
sent to “Rick Carter/CompFixo”.
People/Sites Of Interest
Geek Support Live
Just came across another site that is performing the same scam, using the same software
(TeamViewer), and operating under a very similar website. These calls are reportedly coming
from 1-888-214-5887. A WHOIS search shows that this domain was privately registered, and
therefore doesn’t reveal any information about who is behind the service. The service is hosted
with GoDaddy, as is the case for many (if not all) of the others.
Upon searching on Trius a little more, I came across http://triuscalling.com/, a provider of call
center services. This domain is also registered to, and apparently managed by, Sumit Bahl. They
are on twitter at @HRTrius, and on LinkedIn as Trius Calling Solutions Ltd.
Google Plus appears to be a means by which Trius spams through another name, Triu Tech.
Kunal Bhatia?
Kunal Bhatia
Kunal liked many of the posts on the Trius Facebook page. It appears that he is likely an
employee of Trius Tech Support. Kunal has a Facebook account where he has posted images of
his team, and place of work. Relevant images are shown here.
Tony Katavich (Haldeman, LLC, Facts and Information, LLC, Hogan Minings, etc)
Tony Wayne Katavich (born July 17, 1980), of Haldeman, LLC. Connected to what are claimed
to be additional scams. The Haldeman, LLC company is reported as sharing the same physical
street address as Ceylon Tech, as stated below.
Katavich had to pay roughly $35,000 to an ex-employee (Mia Nelson) who said her job was to
create fake blogs to add noise to company search results, so as to keep people from reading
negative feedback about her past employer. See Behind the Nixon Statue. See also Katavich
and TVWorks Ltd - 2010-064. Haldeman, LLC logs news over at haldemanllc.wordpress.com,
and haldemanllc.blogspot.com (Yes, two domains, maybe Mia was right…).
Katavich apparently had another company in the past, Hogan Minings, which he registered as
his handle on Twitter. Hogan-Minings.com was registered by Facts and Information, LLC. It too
shares the same common physical address on Hazelhurst in Houston, TX.
Geographical Curiosities
Sourav Gupta, the individual who registered CompFixo.com and identifies himself as the
Director of Operations for Ceylon Tech, lists Houston as his city of residence on LinkedIn.
Interestingly enough, the Ceylon address above was related to another scam in 2010, targeting
University students. Additionally, it is tied to an Oil Rig Job scam as well. The Oil Rig scam goes
back to a Haldeman, LLC (tied to other scams, targeting Australians just as Ceylon Tech does).
Earlier in this document I noted that two other websites with IP addresses close in proximity to that
of compfixo.com had similar sites hosted: Solace-Tech, and 3techsolutions.net. Solace-Tech
lists the same address on its contact page.
Also at this location is a hosting service called M6. It is, unsurprisingly, reported to provide very
poor service - even scamming individuals out of their money, according to some disillusioned
ex-customers. That being said, they have been offering hosting services since the late 90s.
This is the building that ties these entities together – a simple warehouse:
10685-B Hazelhurst Dr. #6369 Houston TX 77043
This property appears to be managed by TNRG (The National Realty Group, Inc.) of Houston,
Texas. It’s very likely that a query of their offices would reveal all present occupants of this
building.
Skype Accounts
Out of curiosity I performed a search for accounts on Skype using some of the email addresses
collected throughout the duration of this research. The results follow.
Search Results
rick.sourav@gmail.com
hddacraker@gmail.com
preranatechnologies@live.in
Note the “att.dealer.oc” handle. I wonder what that account was used for.