In the last 2 months, I reported on a nasty phishing scam known as ‘msn-blocked.com’ that asks users to type their MSN user name/password and then uses their log-in details to connect to the MSN/Live Messenger server and send fake invite messages to all the contacts of the user.
This Web site also sends users to the msnpass.info Web site, which is used to sell my freeware MessenPass utility through the payment system of Allopass. You can read more about this scam in the previous posts of my Internet Scams section.
Until now, the msn-blocked Web site was in French and targeted only French-speaking users.
But now the owner of this nasty scam has decided to go international and created new versions of the msn-blocked and msnpass.info Web sites in multiple languages, including English. A user who browses to these Web sites automatically gets the right language according to the language settings of the Web browser, and there is also a flags toolbar to select the right language.
This means that Internet users in many countries that were not affected by this scam until now, including all Live Messenger users in the United States, are now vulnerable to this scam.
Since I discovered this scam, around 2 months ago, I have tried to contact any company/organization that can help to stop this scam right away, including well-known companies like Microsoft and GoDaddy. Unfortunately, it seems that these companies don’t care that their services are used for Messenger spamming and phishing scams.
Here’s a partial list of companies that received my complaint about the msn-blocked scam and didn’t do anything to stop it:
- GoDaddy: GoDaddy is the domain registrar of all domains used for this scam, including msnpass.info, msn-blocked.com, msn-block.info, msnblocks.com, msnapps.net, and possibly a few others. The Web site of GoDaddy says that “We do not allow our customers to send mass unsolicited e-mails, or spam” and they even provide a special spam report form to report spammers. They also have an option in their form to report IM Spam, which is exactly what the msn-blocked Web site does.
So I sent my entire report about msn-blocked.com to GoDaddy, even twice, but so far there is no response from them.
- Domains by Proxy: This company provides a ‘privacy protection’ service that hides the real details of the user who registers a domain. It’s a very good and useful service, as long as it’s used by legitimate Web site owners, but unfortunately, this service is also used by scam owners like msn-blocked.com that want to hide their identity.
Like GoDaddy, this company also says that they don’t allow their customers to send spam, and they also provide a form to file a complaint about a spammer.
I also sent them my full report about the msn-blocked.com scam, and exactly like GoDaddy, they simply don’t answer.
- Microsoft Live Messenger Team: The entire scam of the msn-blocked.com Web site is based on connecting to the MSN/Live Messenger servers and flooding the contacts of the user with fake messages. The team of Live Messenger servers can easily block the IP addresses of the msn-blocked Web site and bring down this scam right away.
I reported this scam to the team of Live Messenger, by using their feedback form and as a comment in their Blog. I also know that I’m not the only one who reported the msn-blocked scam to them. Unfortunately, like the other companies, the team of Live Messenger doesn’t bother to do anything about this issue, even when they can easily shut down the scam by making a few changes in their Firewall. Maybe now, when this scam also targets English speakers and will probably start to spread in the United States very quickly, Microsoft will understand that they have to do something about it.
- Allopass: As I already reported in my previous posts, the owner of this scam sells my MessenPass software on the msnpass.info Web site, by using the SMS payment system of Allopass.
As opposed to other companies, Allopass answered the messages I sent them about this scam, but unfortunately, they refused to stop working with the scam owner, saying that they cannot legally close the account and other excuses. Allopass also enjoys their part in the scam, because for each SMS code used by the msnpass.info Web site, the revenue is shared between the scam owner, Allopass, and the phone company.
- EURO-WEB Servers renting: EURO-WEB is the hosting company that currently hosts the servers of the msn-blocked scam. I sent a full report about the scam to the abuse email of this company, but there is no response from them.
I hope that one of the above companies will finally decide to take action against the msn-blocked Web site before it starts spreading in the United States and many other countries that were not affected by this scam until now.
There is only one good side in this story: Both Firefox and Internet Explorer block some of the Web addresses of the msn-blocked Web site thanks to the phishing reports made by users. However, this Web site blocking only slows down the spreading of the scam, but it doesn’t really prevent it. The scam owner also constantly replaces the domain name and host name to avoid the blocking by the Web browser.
Lenny says:
Notice: This comment was probably sent by a representative of msn-blocked.com
Do you know that MSNPass does not distribute your MessenPass?
I tested it and this website probably distributes a home-made software (or I don’t know it, but I think it is designed by MSNPass).
Maybe you have to be prudent about the slandering you can write on your blog.
Allopass, GoDaddy and the other companies you quote are very huge actors of the Web; if they authorize this website to run, there can be a good reason for that.
Lots of “msn-statut-checker” websites are scams, ok. Lots of them host viruses, trojans, and other malware…
But did you test this website? Could you say that there is something illegal on it?
Because, despite the fact that they look like they are sending messages on IM, if it is written in their terms accepted by the users and if the MSNPass software is their own, and if it is safe, all their business is legal if we just read the law.
If they had stopped to sell your soft, maybe the best thing you can do is to stop your “quest” against us. Because I’m afraid that if they are supported by the companies quoted, they are very powerful, and they may have very good attorneys.
Regards
August 29, 2009, 2:16 pm
Lenny says:
If they had stopped to sell your soft, maybe the best thing you can do is to stop your “quest” against us.
*against them.
August 29, 2009, 5:51 pm
My english is so poor.
Mikael says:
Lenny is the owner of the MSNpass site.
The HTTP header says this
—- start —
Transfer-Encoding: chunked
X-Powered-By: PHP/5.2.6-1+lenny3
Location: ./?//
Content-type: text/html
Date: Sun, 30 Aug 2009 12:03:23 GMT
Server: lighttpd/1.4.19
— end —
Coincidence?! Don’t think so.
msnpass.info/91.191.144.84 redirects you to 91.191.144.87
(that php script is located here on the server /var/www/redirpass/index.php)
You’ll end up at (for now anyway)
a.msnpass.info
b.msnpass.info
c.msnpass.info
d.msnpass.info
f.msnpass.info
Any site that redirects you and tries to hide its source and identity is Not to be trusted.
e.msnpass.info redirects to https://email.secureserver.net/login.php?domain=e.msnpass.info
August 30, 2009, 9:35 am
Lenny says:
Mikael, what do you mean by “Lenny is the owner of the MSNpass site.” ?
August 30, 2009, 5:03 pm
I don’t understand… Do you know Linux Debian Lenny ? Do you know Lenny Kravitz, Lenny Kilminster :p ? There are lots of Lenny around the world ;).
Maybe I have to be renamed to “Squeeze”…. Poor theory…
Mikael says:
Squeeze is a better name for you, it’s closer to the truth
So please use it 😀
MSNpass sux.
August 30, 2009, 11:20 pm
ANY site that REdirects you and try to Hide its source and identity IS NOT to be trusted.
Carbonize says:
Just looked and msn-blocked.com appears to have been taken down. Such a shame.
Not.
August 31, 2009, 12:40 pm
Mikael says:
The phishing continues at http://who-got-blocked.com
September 2, 2009, 3:30 pm
A color change and some minor alterations, but the same site.
Elcorin says:
Thanks for article. Everytime like to read you.
September 2, 2009, 5:25 pm
Have a nice day
Elcorin
John says:
similar site
http://47qg6d.check-who-blocked-you.com/
September 8, 2009, 4:08 am
Ivar Røise says:
Another similar site:
http://ha7fgp.check-who-blocked-you.com/
September 8, 2009, 3:12 pm
iamnotlenny says:
lenny soooo made that site. lol
September 22, 2009, 10:14 pm
Jon says:
The problem is getting worse. My email box is filling with
xxxxxx invited you to check who has deleted or blocked you from their contact list on MSN Messenger.
linking to this :-
hey-you-block-me.com
October 1, 2009, 6:01 am
Jon says:
http://74.125.113.132/search?q=cache:07MEigc72cQJ:pastebin.com/pastebin.php?dl=m3888bb7a%20belma_ml@hotmail.com:000015&hl=en&gl=us&strip=1
A list of victims email address and password ?
October 2, 2009, 8:02 pm
Joe says:
grab-my-block-status.com is also a home. Whois says it is coming out of China and was created today
October 4, 2009, 7:25 pm
dan says:
now it’s jesus-im-blocked.com
October 6, 2009, 7:41 am
chris says:
Domains By Proxy actually belongs to GoDaddy, or at least the two are very closely linked. If you purchase the privacy option at GoDaddy, you end up with Domains by Proxy.
off-topic here but i don’t want to post a second time: love the launcher! I had tried (and failed) to build something like this for my stick, to have it with me at all times (even if some of the progs get deleted regularly by my office anti-virus … they suck).
behatzlakha
October 7, 2009, 6:27 am
Chris
godaddy sucks says:
godaddy is usually more cooperative in illicitly taking down sites on a mere complaint:
http://NOdaddy.com
Start a donation drive to start a formal (expensive) ICANN inquiry against the domain(s)
November 30, 2009, 3:09 am
Nir says:
Thanks NIR i like all of your utilities .. u Rock .. !! Keep up the Fight with these fake sites .. 🙂
cheers .
January 19, 2010, 6:11 am
Khattr says:
Hi,
Same nowadays :
livepass.info => Domains by proxy through GoDaddy and hosted in France
social-pass.com => same as previous but “allow to recover password from Facebook, Twitter, Myspace Gmail ….”
Allopass told that “this is not a scam because the site owner prove the retrieval method of the password is legal …..” when telling them this is a scam …..
Very surprising I say !
February 16, 2010, 11:23 am
ImNotLenny says:
Hey,
They Just Got ME !!!
April 20, 2010, 2:01 pm
I Hate Hackers !!! **s H***s ….
WHat Do I DO ?