Guess Who's Back in Business? @ tk here on Saturday, September 15, 2007 12:27 AM
You could also try tk Social Bookmarking Search or tk Video Search!

Saturday, September 15, 2007

Guess Who's Back in Business?

Can't guess? It's our spammer/phisher friends again. Yup, they're back again. Same MO, same inline popup. Never seen them before? Find out about them in my original post about them.

They were probably never out of the game, just laying low till they could make a comeback. And what a comeback. is their latest domain with an iframe served at As usual, it's a newly registered domain which should ring some alarms.

Here are the whois for the websites to see for yourself.

Edit: Screenshot of sites in question. screenshot screenshot

Edit: Looks like they forgot to prevent directory browsing! You can see how everything works here (Edit: They fixed it a few days later). The list of those who entered their emails and passwords are out in the open! Here's a reminder to change your password if you entered it at the site.

Edit: These sites are joined by (whois link, not link to actual site) in the spam fiesta.

Edit: About, it didn't strike me at the time to do a whois, but if you did one, you'll see that was registered in 2002 and is about to expire soon. Hence unlike what this site says, it's unlikely that this site is related to the spam sites (unless it was compromised). The date and the name of the site don't even match the MO of the other spam sites.

Edit: is another one of them.

Edit: Another one popped up at and and

Edit: They have also changed their landing page to one that asks you to enter your handphone number for ringtones which are, by the way, not for free. Although entering a number doesn't seem to lead to anywhere but

Something interesting to note is that you could almost always find somewhere in these pages. I noticed this in the previous sites as well. And the sudden surge in traffic to perfspot concides with the recent spamming activity. Could the two be related? Maybe, no one knows for sure (at least I don't).

Edit: Ok, here are a few links that give you a better idea of what perfspot has been doing behind the scenes - XomReviews, Mashable and Project Honeypot Spam Domains List (perfspot is inside the list).

Edit: A new one at

Edit: And at

Edit: Another one at

Edit: One more at

You could also try tk Social Bookmarking Search or tk Video Search!