Apr 30 2008
Phishing Sites Exploit MSN Messenger Users
Just confirmed with an MSN buddy that he’s ‘infected with’ a new MSN link-sharing ‘virus’. As a matter of fact, I myself was fooled by this very thing a couple of weeks ago when I got a message from a close friend on MSN that contained a link to ‘her personal page’.
The message ran as follows:
“hii.. check out this.. http://real.amazing-stuff.info .. brb he!!”
Since this was from my close friend, and she went offline immediately after I got it, I guessed she might be in a hurry and hoped to connect with me through some social network, so I clicked on the link. It brought me to a web page that required me to sign in with my MSN user name and password. The page had detailed terms of service and a ‘report abuse’ email address, and told me:
We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.
Again, since it was ‘recommended’ by my close friend, I logged in and set up a personal page there. Since it was not very attractive, I logged off and never went back. But my user name and password had already been stolen!
I realized this the next day when my MSN Messenger automatically logged off, saying another user had logged in. This is the ONE security feature of MSN Messenger I love. (Skype wouldn’t prompt you with anything like this if a thousand other users logged into your account and eavesdropped on your chats!) Then I changed my password. I suspect the hacker site used my credentials to send similar links to all my contacts that day.
However, if another victim had not sent me the following message today (also while he was offline!), I would not have connected these things:
“http://username.very.c0o0lthing.info”
I immediately sent a message back asking if he knew about this. When he was back online, he confirmed that it was some kind of ‘virus’ he had got from other MSN users.
Technically speaking, this is not a virus but phishing. A phishing site impersonates, or pretends to be affiliated with, a legitimate service in order to harvest your credentials or other personal information, and then uses them to access your accounts, such as email, PayPal or Moneybookers. In this case the lure page did not even imitate MSN: it openly asked for the MSN user name and password under cover of a terms-of-service page, and apparently used the stolen login to send the same link to every contact from the victim’s own account, which is what makes the link look trustworthy to the next victim.
The criminals’ real goal is not just using your MSN account to spread their links. An MSN Messenger login is a Windows Live ID, so it is normally also the Hotmail password, and since many people reuse the same password for other accounts such as PayPal, a harvested MSN password can give them access to your private financial information as well.
If you have experienced a similar situation recently:
- post a status message in MSN Messenger warning all your contacts not to click on any links you send out until they have verified them with you;
- change your MSN password immediately, and change the password of every other account that shares it (do this from a machine you trust, not from one you suspect is compromised);
- help spread the warning by blogging about it and digging this and other related articles, to fight further phishing attempts.
The phishing site page looks like the following:
The site claims to be TST Management Inc. Here are three domain names they used (they probably use many other domains for the same purpose), with the WHOIS records and hosting information:
1. pr0filepix.info
Domain ID:D24638073-LRMS
Domain Name:PR0FILEPIX.INFO
Created On:29-Apr-2008 12:16:31 UTC
Last Updated On:29-Apr-2008 12:54:46 UTC
Expiration Date:29-Apr-2009 12:16:31 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:d5574c1883d
Registrant Name:Mark Bradley
Registrant Organization:TST Management, Inc
Registrant Street1:edificio Magna Corp – 5th Floo
Registrant City:PANAMA
Registrant State/Province:PANAMA
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+1.2021577
Server IP: 210.56.53.224
Hong Kong – Dedicated Internet Access (sunhk Datacenter)
Registrant Search: “TST Management, Inc” owns about 85 other domains
2. 1FP9.INFO
Domain ID:D18304546-LRMS
Domain Name:1FP9.INFO
Created On:07-Jun-2007 10:10:35 UTC
Last Updated On:21-Apr-2008 12:59:51 UTC
Expiration Date:07-Jun-2008 10:10:35 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:OK
Registrant ID:90f98cddfd4
Registrant Name:Jeff Fisher
Registrant Organization:TST Management, Inc
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Street2:
Registrant Street3:
Registrant City:Panama City
Registrant State/Province:Panama
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+507.2021577
Server IP: 216.52.184.243
Washington – Redmond – Enom
3. c0o0lthing.info
Domain ID:D24611209-LRMS
Domain Name:C0O0LTHING.INFO
Created On:27-Apr-2008 15:25:13 UTC
Last Updated On:27-Apr-2008 15:25:26 UTC
Expiration Date:27-Apr-2009 15:25:13 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:999AD5DB09046351
Registrant Name:Peter Call
Registrant Organization:Blue China Group, Ltd
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Street2:Investment Bldg.,
Registrant Street3:48-62 Hennessy Road
Registrant City:Wanchai
Registrant State/Province:HK
Registrant Postal Code:0000
Registrant Country:HK
Registrant Phone:+852.94230671
Server IP: 65.39.175.61
Quebec – Montreal – Qitx Inc
Registrant Search: “Blue China Group, Ltd” owns about 1,669 other domains
*UPDATE*
Thanks to all visitors who provided further phishing addresses, as follows (also see the comments). I believe we can dig out all those bad URLs soon:
“adp0int.info”
“real.awesome-stuff.info”
“cache2.imagehosters.info”
“h0st3d.on.prof1lepix.info”
“save.p1ctures.info”
“fr1endp1cs.info”
“username.get.n1ce4ds.info”
“username.likes.ch33se.info”
“down.l0ader.info”
“was.d1ssed.info”
“arm18618.this.are.the.fri3ndp1x.info”
“ch3k3r.info”
“ch3ck3r.info”
“username.the.great-th1ng.info”
“username.partyp1x.info”
“username.1ik5.info”
“username.found.some.c0o0ol5tuff.info”
“username.awes0me.info”
“fileho5t.info”
“m33tpoint.info”
“checkdiz.info”
“snapsh0t.info”
“ther1ng.info”
“greatblockier.info”
“blockierteplatz.info”
“t0nez.info”
“c0mpics.info”
“jumphost.info”
“flatl1ne.info”
“g4ng.info”
“b4ng.info”
“h0stp1cs.info”
If you know any other phishing URLs of this MSN Messenger scam, please leave a voice or video comment below. (The text comment function crashed my database and many comments got lost.) I’ll update this post.
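The list above shows a clear pattern: almost every lure domain is under .info, the names are ordinary English words with digits substituted for letters (0 for o, 1 for i or l, 3 for e, 4 for a, 5 for s), many put the recipient’s name in the left-most label, and the messages arrive padded with the same ‘check out this.. brb’ filler. The script below is an added example, not code from this post; it turns those observations into a scorer for instant messages. The sample messages are constructed from the two lures quoted earlier in the post (with ‘alice’ standing in for the recipient’s name) plus one benign line for contrast, and the keyword list is simply what the de-leeted domains in the list spell out.

```python
"""Score instant messages for lure links of the kind listed in this post.
Added example, not the post author's code.  The heuristics come from the
domain list above: .info TLD, digits substituted for letters, the
recipient's name as a subdomain, and the 'check out this .. brb' padding."""
import re

# Leet substitutions seen in the list (0->o, 1->i, 3->e, 4->a, 5->s).
# 1 sometimes stands for l (1ik5 = likes); i is the common case here.
LEET = str.maketrans("01345", "oieas")

# Optional scheme, then a dotted host; path and query are not captured.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def collapse(s):
    """Squash repeated characters so c0o0l -> coool -> col matches cool -> col."""
    return re.sub(r"(.)\1+", r"\1", s)


def deleet(label):
    """Undo digit-for-letter substitution and collapse runs of letters."""
    return collapse(label.lower().translate(LEET))


# Words the de-leeted domains in the list resolve to, stored collapsed.
LURE_WORDS = [collapse(w) for w in (
    "profile", "pix", "pics", "pictures", "friend", "cool", "stuff", "host",
    "check", "snapshot", "party", "awesome", "amazing", "download")]
LURE_PHRASES = ("check out this", "check this", "look at this", "brb")


def extract_hosts(text):
    """Lower-cased host names of every URL or bare domain in a message."""
    return [m.group(1).lower() for m in URL_RE.finditer(text)]


def domain_signals(host, contact=None):
    """Return the list of suspicious traits a host name shows.

    contact is the recipient's IM name; the lures in the list put it in
    the left-most label (username.very.c0o0lthing.info)."""
    labels = host.split(".")
    name_labels = labels[:-1]          # everything but the TLD
    signals = []
    if labels[-1] == "info":
        signals.append("tld_info")
    if any(re.search(r"[a-z][0-9]|[0-9][a-z]", lab) for lab in name_labels):
        signals.append("digits_in_word")
    if any(w in deleet(lab) for lab in name_labels for w in LURE_WORDS):
        signals.append("lure_word")
    if contact and len(labels) >= 3 and labels[0] == contact.lower():
        signals.append("personalized_subdomain")
    return signals


def classify_message(text, contact=None, threshold=2):
    """Return [(host, signals)] for every link in the message that reaches
    the threshold.  Message-level padding phrases count toward every host."""
    phrase_hit = any(p in text.lower() for p in LURE_PHRASES)
    hits = []
    for host in extract_hosts(text):
        signals = domain_signals(host, contact)
        if phrase_hit:
            signals.append("lure_phrase")
        if len(signals) >= threshold:
            hits.append((host, signals))
    return hits


# Constructed sample: the two lures quoted in the post (with "alice" as the
# recipient's name) and one benign message.
SAMPLE_MESSAGES = [
    ("hii.. check out this.. http://real.amazing-stuff.info .. brb he!!", "alice"),
    ("http://alice.very.c0o0lthing.info", "alice"),
    ("are we still on for lunch? menu at https://example.org/menu", "alice"),
]

if __name__ == "__main__":
    for text, contact in SAMPLE_MESSAGES:
        print(classify_message(text, contact) or "clean", "<-", text)
```

A domain with no digit substitution and no keyword, such as greatblockier.info, scores only on its TLD and stays under the threshold, so this should be paired with the domain-age check from the WHOIS data rather than used alone; the lure pattern is cheap for the operator to change, while a freshly registered domain is not.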
*UPDATE-1*
Eric translated part of this post into German. If you are not comfortable with English and would prefer to read it in German, please visit: http://erichaas.spaces.live.com/blog/cns!20AE01BBC9DF0C0!1014.trak for the German version. Translations into other languages are also welcome. Please link back to this article and let me know your post’s address, and I’ll add it to this list. Thanks for your help!
*UPDATE-2*
Interesting registrant name on one of their domains (see below): the same “Jeff Fisher” of TST Management, Inc as on 1FP9.INFO, now with the Panama address used by the first record.
Domain ID:D24997781-LRMS
Domain Name:THER1NG.INFO
Created On:30-May-2008 14:57:47 UTC
Last Updated On:31-May-2008 10:02:05 UTC
Expiration Date:30-May-2009 14:57:47 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:47429cff5a9
Registrant Name:Jeff Fisher
Registrant Organization:TST Management, Inc
Registrant Street1:Edificio Magna Corp. 5th Floor
Registrant Street2:
Registrant Street3:
Registrant City:Panama City
Registrant State/Province:Panama
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+507.2021577
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.: