I did a bit of analysis of this company when this story showed up on another weblog, and I was not able to find much. About all I was able to find out was that whoever they are, they don't want to be found. Here's all the info I was able to find, in case some intrepid reporter reading this log would like to track down some leads, most of which seem to be intentional misdirection.
First off, the PO Box given in their whois record is that of a company which handles low-cost incorporations in Nevada. Okay, you say, so they decided to branch out into making spyware. Well, on top of that, the phone number given is that of a New York dot.bomb. Not good. Finally, the email address given is a hotmail account. It doesn't instill too much confidence in me. And that was just the sleaziness from analyzing the whois record.
Digging deeper, I decided to do a traceroute on the various servers the company runs. From the responses I got, they seem to be based in the midwest. If anyone's interested, here are the relevant bits of the traceroutes which deal with the last few hops:
For their webserver:
9 80 ms 90 ms 80 ms pos2-0-2488m.cr2.CHI1.gblx.net [188.8.131.52]
10 80 ms 90 ms 80 ms so1-0-0-622M.ar3.CHI1.gblx.net [184.108.40.206]
11 90 ms 90 ms 101 ms 220.127.116.11
12 101 ms 100 ms 100 ms 18.104.22.168
From this, we see that they're getting their webhosting from Global Crossing, and from the looks of the last couple server names, probably in the Chicago, IL area. This is consistent with my later findings.
The second traceroute I did was on their main spyware server, sputnik.vx2.cc. This one seems to be going through a different hosting company, one based primarily in the Kentucky area, but there is still a good chance for overlap. The results:
11 91 ms 80 ms 100 ms sl-gw34-chi-9-0.sprintlink.net [22.214.171.124]
12 120 ms 161 ms 120 ms sl-openworld-2-0-0.sprintlink.net [126.96.36.199
13 100 ms 110 ms 90 ms gw8.stdio.net [188.8.131.52]
14 120 ms 120 ms 120 ms 184.108.40.206
15 80 ms 80 ms 80 ms sputnik.vx2.cc [220.127.116.11]
The bandwidth for the company's are also run by stdio.net, so I won't reprint the results here; they aren't too relevant to the issue at hand.
Finally, I ran a whois on blackstonedata.net, their old hostname, as they still have a couple servers running through there. From that info, I was able to learn that their nameservers are run by siteprotect.com, which is fully owned by hostway.com. A quick check determined that hostway is based in Chicago as well, adding to my suspicions that this corp is based in or around Chicago, IL.
Unfortunately, it doesn't give too much information as far as who these people are. However, it does lead one to see who they aren't - all too reputable. Perhaps someone from one of these companies providing bandwidth could "accidentaly" leak some information as to who these people are, maybe a street address or a phone number.
Can I be your pet? I promise not to bite (much).