Author Topic: Creepy BLF Mirrors - Let's figure this out.  (Read 8561 times)

So on June 9th, 2015, user Cloudworxz posted about a weird forum he found. He said he found a forum of bots that posted sketchy downloads, but they only used the usernames of BLF users. Most people didn't believe him, until a link was posted. The forums investigated the site, apparantly hosted on a legitimate phone-book website, but by the morning it had dissapeared.

More of these sites appear if you Google very specific BLF usernames, or if you reverse image search images from these forums. Let's compile them, and figure out what is going on. If you post any links, please put spaces around all periods in the URL.

These forums are all hosted on legitimate websites. Were they hacked? Are they renting spare server space? Why do they BLF users on them?

Warning: The sites are full of bots. They most likely post adware or perhaps even malware. Be very careful if you visit.
www . getchip . net/log/ (active, Russian)
http:// persephonebooks . co . uk/log/index . php (deleted, British)
http:// urngp . ru/log/index . php (active, Russian)
http:// mugibijin . co . jp/log/ (active, Japanese
http:// exhibitionswales . co . uk/log/ (active, British)
http:// c2property . com . au/log/index . php# (This one is weird... it's just one thread?)
http:// 4officestore . ro/log/ - (active - Romanian)


Apparantly each of these sites has it's own (real) forum. Each of them forums use Apache. The trojans hosted on the sites all link to the some place. One person or group prowled the BLF for usernames and is now exploiting a glitch in Apache to host malware on legit sites.

The mystery continues! Let's figure this out, BLF!

Confirmed User Bots: (post users you see below)
Quote
Waru
Mr. Nobody
Idle
Pie Crust
Kimon
Brickmaster
Dreams of Cheese
XR-7
Freek
Rigel
Lugnut
Barnabas Dargerelden (merged into one user)
Valkerone
Zombidude
stufflord
Refticus
Reinforcements
Ravencroft
Satan From Wreck-It-Ralph
Sentry
Jairo (he's an admin)
Casanova
LeetZero
Mr. Man Electrk (merged into one user)
« Last Edit: August 07, 2015, 10:30:34 AM by McZealot »

thank you very much good code


badspot is a drug lord
he uses the money he makes from blockland to pay his rent and to pay his drug addiction
the updates are from master coders that he has kidnapped
edit: i found pie crust and Kimon

« Last Edit: August 06, 2015, 12:42:24 AM by gebenuwell »


carburetors
NirLauncher bietet eine Sammlung von uber 0 nutzlichen Windows-System-Tools, die Sie von Ihrem USB-Stick aus ohne Installation starten konnen.

I love using PDF Page Numberer 2.03!




this is the same software that the phonebook thingy had


I found another mirror forum!
It's always under /log/, and it is almost always labeled "forum for experts"
Maybe they think we're smart! ¯\_(ツ)_/¯

Again, don't click anything. Highlight for link:
http:// 4officestore. ro/log/



i dont get it
They scan the BLF for names to use for their malware linking bots. It generates fake text posts, and they usually have some creepy transparent text underneath them.

I wonder if i'm on this site

I wonder what they're using to hijack sites.