In the process of setting up some virtual servers (slices) from www.slicehost.com I had to move the name servers around along with a migration to Google web apps. A user called complaining that they could not access the web-mail service. The user was trying to access www.mail.domain.com instead of mail.domain.com which a DNS record had yet to be setup for and we weren’t planning on it. To our surprise there was a page there though, a place holder with some nasty pop-ups. We immediately added a record for this entry to kill it but it makes me wonder how many other sub-domains have been compromised? The registrar was www.godaddy.com, we will be migrating to a new one very soon.