Social networks are often subject to phishing and today MySpace is the target. MX Lab intercepted some messages from MySpace <message-*********@message.myspace.com> – where * stands for random letter and number combination. The from address is obviously spoofed.
The body of the email:
Dear MySpace user!
Please be informed that you are required to update your MySpace account.
Please update your MySpace account by clicking here:
hxxp://accounts.myspace.com.iuuuujef.co.uk/msp/index.php?fuseaction=update&code=5A3TCE-JA3T2OSOJ1-AT2LKB0WNLB0-SMSWSGFPGEL97-0JHN4840QT&email=****@*******.co.uk
If you’re unable to click on the link above, copy and paste it into your browser’s address bar.
————————-
At MySpace we care about your privacy. This email is never sent unsolicited.
If you think you’ve received this email in error, or if you have any questions or concerns regarding your privacy, please contact us at:
privacy@myspace.com
MySpace, Inc.
8391 Beverly Blvd. #349
Los Angeles, CA 90048
USA©2003-2009 MySpace.com. All Rights Reserved.
The domains included are fast-flux domains to avoid Intent Analysis. The domain in this case is registered with the following details:
Domain name:
iuuuujef.co.uk
Registrant:
Joe Tentpeg
Registrant type:
Non-UK Individual
Registrant's address:
5556 Butt hole Court
Bum diddle
66545
Belgium
Registrar:
Webfusion Ltd t/a 123-Reg.co.uk [Tag = 123-REG]
URL: http://www.123-reg.co.uk
Relevant dates:
Registered on: 09-Nov-2009
Renewal date: 09-Nov-2011
Last updated: 10-Nov-2009
Registration status:
Registration request being processed.
Name servers:
No name servers listed.
WHOIS lookup made at 11:19:48 10-Nov-2009
When we performed WHOIS lookups for other domains involved we noticed some irregularities. The registrant name is different each time but the address doesn’t fit at all. The zip code doesn’t match the country because the zip codes in Belgium are based on 4 numbers. We can assume that the registrant did used different details for registration in order to avoid detection by the registrar.





