msn-block.com scam goes international

In the last 2 months, I reported about a nasty phishing scam known as 'msn-blocked.com' that ask the users to type their MSN user name/password and then use their log-in details to connect the server of MSN/Live Messenger and send a fake invite messages to all the contacts of the user.
This Web site also send the users to msnpass.info Web site, which is used to sell my freeware MessenPass utility by using the payment system of Allopass. You can read more about this scam, in the previous posts of my Internet Scams section.

MsnPass.Info Scam In English

MsnPass.Info Scam In English

Until now, msn-blocked Web site was in french language, and targeted only  users that speaks french.
But now the owner of this nasty scam decided to go international and created new versions of msn-blocked and msnpass.info Web sites in multiple languages, including English. The user that browse into these Web sites automatically get the right language according to the  language settings of the Web browser and there is also a flags toolbar to select the right language.
This means that Internet users of many countries that were not affected by this scam until now, including all Live Messenger users in United State, are now vulnerable to this scam.

Msn-Blocked.com in English

Msn-Blocked.com in English

Since I discovered this scam, around 2 months ago,  I tried to contact any company/ organization that can help to stop this scam right away, including well- known companies like Microsoft and GoDaddy.  Unfortunately, it seems that these companies don't care that their services are used for Messenger spamming and phishing scams.

Here's a partial list of companies that received my complaint about msn-blocked scam and didn't do anything to stop it:

  1. GoDaddy:  GoDaddy is the domain registrar of all domains used for this scam, including msnpass.info, msn-blocked.com, msn-block.info,  msnblocks.com, msnapps.net, and possibly a few others.The Web site of GoDaddy says that "We do not allow our customers to send mass unsolicited e-mails, or spam" and they even provide a special spam report form to report about spammers. They also have an option in their form to report about IM Spam, which is exactly what msn-blocked Web site does.
    So I sent my entire report about msn-blocked.com to GoDaddy, even twice, but so far, there is no any response from them.
  2. Domains by Proxy:  This company provide a 'privacy protection' service that hides the real details of the user that Registers  a domain. It's a very good and useful service, as long as it's used by legitimated Web site owners, but unfortunately, this service is also used by scam owners like msn-blocked.com that want to hide their identity.
    Like GoDaddy, this company also says that they don't allow to their customers to send spam and they also provide a form to fill a complaint about a spammer.
    I also send them my full report about msn-blocked.com scam, and exactly like GoDaddy, they simply don't answer.
  3. Microsoft Live Messenger Team:  The entire scam of msn-blocked.com Web site is based on connecting the MSN/Live Messenger servers and flooding the contacts of the user with fake messages.  The team of Live Messenger servers can easily block the IP addresses of msn-blocked Web site and bring down this scam right away.
    I reported about this scam to the team of Live Messenger, by using their feedback form and as a comment in their Blog. I also know that I'm not the only one that reported them about the msn-blocked scam.Unfortunately, like the other companies, the team of Live Messenger don't bother themselves to do anything with this issue, even when they can easily shut down the scam by making a few changes in their Firewall.

    Maybe now, when this scam also targets English speakers, and will probably start to spread in United States very quickly, Microsoft will understand that they have to do something about it.

  4. Allopass: As I already reported in my previous posts, the owner of this scam sell my MessenPass software in msnpass.info Web site, by using the SMS payment system of Allopass.
    As opposed to other companies, Allopass answered the messages I sent them about this scam, but unfortunately, they refused to stop working with the scam owner, saying that they cannot legally close the account and other excuses. Allopass also enjoys their part in the scam, because for each SMS code used by msnpass.info Web site, the revenue is shared between the scam owner, Allopass, and the phone company.
  5. EURO-WEB Servers renting: EURO-WEB is the hosting company that currently hosts the servers of msn-blocked scam. I sent a full report about the scam to the abuse email of this company, but their is no any response from them.

I hope that one of the above companies will finally decide to take action against msn-blocked Web site before it start spreading in United States and many other countries that were not affected by this scam until now.

There is only one good side  in this story:  Both Firefox and Internet Explorer blocks some of the Web addresses of msn-blocked Web site thanks to the phishing reports made by users. However,  this Web site blocking only slows down the spreading of scam, but it doesn't really prevent it. The scam owner also constantly replace the domain name and host name to avoid the blocking by the Web browser.

20 Responses to “msn-block.com scam goes international”

  1. Lenny Says:

    Notice: This comment was probably sent by representative of msn-blocked.com
    Do you know that MSNPass do not distribute your MessenPass.
    I tested it and this website distribube probably an home-made software ( or I don't know it, but I think it is designed by MSNPass ).
    Maybe you have to be prudent about the slandering you can write on your blog.
    Allopass, GoDaddy others companies you quote are very huge actors or Web, if they authorize this website to run, it can be a good reason for that.
    Lot of "msn-statut-checker" website are scams, ok. Lot of them host virus, trojan, and others malwares...
    But did you test this website ? Could you say that there is something illegal on it ?
    Because, despite of the fact that they look like sending messages on IM, if it is written on their terms accepted by the users and if MSNPass software is their own, and if it is safe, all their business is legal if we just read the law.
    If they had stopped to sell your soft, maybe the best thing you can do is to stop your "quest" against us. Because I'm feared that if they are supported by the companies quoted, they are very powerfull, and they may have very good attorneys.

    Regards

  2. Lenny Says:

    If they had stopped to sell your soft, maybe the best thing you can do is to stop your "quest" against us.

    *against them.
    My english is so poor.

  3. Mikael Says:

    Lenny is the owner of the MSNpass site.

    The http header say this
    ---- start ---
    Transfer-Encoding: chunked
    X-Powered-By: PHP/5.2.6-1+lenny3
    Location: ./?//
    Content-type: text/html
    Date: Sun, 30 Aug 2009 12:03:23 GMT
    Server: lighttpd/1.4.19
    --- end ---

    Coincidence?! Dont think so.

    msnpass.info/91.191.144.84 redirects you to 91.191.144.87
    (that php script is located here on the server /var/www/redirpass/index.php)
    You'll end up at (for now anyway)
    a.msnpass.info
    b.msnpass.info
    c.msnpass.info
    d.msnpass.info
    f.msnpass.info

    Any site that redirects you and try to hide its source and identity is Not to be trusted.

    e.msnpass.info redirects to https://email.secureserver.net/login.php?domain=e.msnpass.info

  4. Lenny Says:

    Mikael, what do you mean by "Lenny is the owner of the MSNpass site." ?
    I don't understand... Do you know Linux Debian Lenny ? Do you know Lenny Kravitz, Lenny Kilminster :p ? There are lots of Lenny around the world ;) .
    Maybe I have to be renamed to "Squeeze".... Poor theory...

  5. Mikael Says:

    Squeeze is a better name for you, its closer to the truth
    So please use it :D

    MSNpass sux.
    ANY site that REdirects you and try to Hide its source and identity IS NOT to be trusted.

  6. Carbonize Says:

    Just looked and msn-blocked.com appears to have been taken down. Such a shame.

    Not.

  7. Mikael Says:

    The phishing continues at http://who-got-blocked.com
    A color change and some minor alterations, but the same site.

  8. Elcorin Says:

    Thanks for article. Everytime like to read you.
    Have a nice day
    Elcorin

  9. John Says:

    similiar site

    http://47qg6d.check-who-blocked-you.com/

  10. Ivar Røise Says:

    Another similar site:

    http://ha7fgp.check-who-blocked-you.com/

  11. iamnotlenny Says:

    lenny soooo made that site. lol

  12. Jon Says:

    The problem is getting worse. My email box is filling with

    xxxxxx invited you to check who has deleted or blocked you from their contact list on MSN Messenger.

    linking to this :-

    hey-you-block-me.com

  13. Jon Says:

    http://74.125.113.132/search?q=cache:07MEigc72cQJ:pastebin.com/pastebin.php?dl=m3888bb7a%20belma_ml@hotmail.com:000015&hl=en&gl=us&strip=1

    A list of victims email address and password ?

  14. Joe Says:

    grab-my-block-status.com is also a home. Whois says it is coming out of China and was created today

  15. dan Says:

    now it's jesus-im-blocked.com

  16. chris Says:

    Domains By Proxy actually belongs to GoDaddy, or at least the two are very closely linked. If you purchase the privacy option at GoDaddy, you end up with Domains by Proxy.

    off-topic here but i don't want to post a second time: love the launcher! I had tried (and failed) to build something like this for my stick, to have it with me at all times (even if some of the progs get deleted regularly by my office anti-virus ... they suck).

    behatzlakha
    Chris

  17. godaddy sucks Says:

    godaddy is usually more cooperative in illicitly taking down sites on a mere complaint:

    http://NOdaddy.com

    Start a donation drive to start a formal (expensive) ICANN inquiry against the domain(s)

  18. Nir Says:

    Thanks NIR i like all of your utilities .. u Rock .. !! Keep up the Fight with these fake sites .. :)

    cheers .

  19. Khattr Says:

    Hi,

    Same nowadays :
    livepass.info => Domains by proxy throught GoDaddy and hosted in France
    social-pass.com => same as previous but "allow to recover password from Facebook, Twitter, Myspace Gmail ...."

    Allopass told that "this is not a scam because the site owner prove the retrival method of the password is legal ....." when telling them this is a scam .....

    Very surprising I say !

  20. ImNotLenny Says:

    Hey,

    They Just Got ME !!!
    I Hate Hackers !!! **s H***s ....
    WHat Do I DO ?

Leave a Reply