Guess Who's Back in Business? @ tk here on Saturday, September 15, 2007 12:27 AM

Saturday, September 15, 2007

Guess Who's Back in Business?

Can't guess? It's our spammer/phisher friends again. Yup, they're back again. Same MO, same inline popup. Never seen them before? Find out about them in my original post about them.

They were probably never out of the game, just lying low till they could make a comeback. And what a comeback.

Bestcoolgroup.com is their latest domain with an iframe served at bestunbeatableoffer.com. As usual, it's a newly registered domain which should ring some alarms.

Here are the whois records for the websites so you can see for yourself.

bestcoolgroup.com
bestunbeatableoffer.com

Edit: Screenshot of sites in question.

Bestcoolgroup.com screenshot

bestunbeatableoffer.com screenshot

Edit: Looks like they forgot to prevent directory browsing! You can see how everything works here (Edit: They fixed it a few days later). The list of those who entered their emails and passwords is out in the open! Here's a reminder to change your password if you entered it at the site.

Edit: These sites are joined by officialbestgroup.com (whois link, not link to actual site) in the spam fiesta.

Edit: About crownguard.com, it didn't strike me at the time to do a whois, but if you did one, you'll see that crownguard.com was registered in 2002 and is about to expire soon. Hence unlike what this site says, it's unlikely that this site is related to the spam sites (unless it was compromised). The date and the name of the site don't even match the MO of the other spam sites.

Edit: bestcoolindividuals.com is another one of them.

Edit: Another one popped up at bestfreepeople.com and coolindividual.com and coolindividuals.com.

Edit: They have also changed their landing page to one that asks you to enter your handphone number for ringtones which are, by the way, not free. Entering a number doesn't seem to lead anywhere but perfspot.com, though.

Something interesting to note is that you could almost always find perfspot.com somewhere in these pages. I noticed this in the previous sites as well. And the sudden surge in traffic to perfspot coincides with the recent spamming activity. Could the two be related? Maybe, no one knows for sure (at least I don't).

Edit: Ok, here are a few links that give you a better idea of what perfspot has been doing behind the scenes - XomReviews, Mashable and Project Honeypot Spam Domains List (perfspot is inside the list).

Edit: A new one at friendrateronline.com.

Edit: And at friendstatus.com.

Edit: Another one at celebratedpic.com.

Edit: One more at weirdprofile.com.
