Strange bulletin from Alizée's MySpace Page

[Tye]

Has this issue been resolved, or is it still an issue?

[Deepwaters]

Don't know, Tye. It's been brought to her attention, that's all I know.

[Justin]

Quote:

Originally Posted by Deepwaters

I think either Alizée's MySpace page or mine may have been hacked. I got a bulletin allegedly from her, advertising free ringtones with a link. That doesn't sound like the kind of message she would send, also it was in English and didn't seem to me to be her style of writing. She can write in English but on that page she usually writes in French.

Did anyone else get this bulletin?

ya its a damn spammer. Tom even said that

[Bud10]

Yeah I saw that bulletin awhile back as well I figured maybe someone hacked into her account, really don't see her advertising free ringtones or who ever runs her myspace page. Really don't see what people gain hacking into myspace pages, mines been hacked into like 3 times already, I practically change my password daily now. I guess theres not much we can do until myspace ups its security.

[Tye]

Quote:

Originally Posted by Deepwaters

Don't know, Tye. It's been brought to her attention, that's all I know.

Thanks for the update.

[Crazytales]

This has affected many myspaces of my friends, who unfortunately didn't follow my directions and change their passwords. I've done a little research into the roots of this attack, and it involves several websites and several hundred zombie computers in a botnet. This is the architecture of the scheme, as far as I am able to determine through nslookup and whois:

Main domain names for the scam are:
fe70ffb.com
ringbash.com
bonusringer.net
ring4free.net
ca0dcbe.com (used for phished login page)
ns1.2349e44075.com (domain name server for the above)

There are a whole lot of other domain names used for name servers also.
As best as I can gather, name servers distribute the load by resolving the domain names to any of hundreds of residential broadband addresses, all running Apache httpd to serve the websites. I hypothesize that the servers are all compromised boxes ,since they are dispersed over a wide geographical area. I have port scanned them however, and they're not using any standard back orifice/subseven port. This is a pretty sophisticated and new architecture kind of attack, and I know I've only barely scratched the surface with this. If this helps any network security professionals, awesome. If you come away from this post with absolutely no understanding of the methods whatsoever, then at least understand it's a phishing scam and it is certainly highly illegal.

Regards,
Chris