Well, this would have probably caught those initial spam messages that got users offsite to their phishing page in the first place.

You might also send out a mass member email notifying people of the issue and notify them to make sure they're at the correct domain name before ever entering their user login information, and notifying them that hijacked user accounts are being locked until the members can email you to have their information reset.

As for finding out who has been sending messages, your best bet is to run this MySQL query from the Control Panel: (CP -> Tools and Information -> Database Tools -> SQL Command Tab)
Code:
SELECT `POST_ID`, `USER_ID`, `POST_BODY` FROM `ubbt_PRIVATE_MESSAGE_POSTS` WHERE `POST_BODY` LIKE '%offendingurl%' LIMIT 0,200;

The above database query will query the Private Message Posts table for "offendingurl" (notice the %%, preserve them when changing the string), starting from the first instance to the 200th; you can remove the limit, but depending on how active they've been you can end up with quite a lot of results returned.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
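
An added example, not part of the original post: a variant of the query above that returns one row per sending account, so you get the list of accounts to lock rather than up to 200 individual messages. It uses only the table and columns named in the post; the URL is a constructed placeholder, and it is an assumption that `POST_ID` increases over time.

```sql
-- Added example: summarise which accounts sent private messages containing
-- the phishing URL. Table and column names are those used in the post above.
-- 'phish.example/log\_in' is a constructed placeholder; substitute the real URL
-- and keep the leading and trailing % so the match works anywhere in the body.
--
-- In a MySQL LIKE pattern, % and _ are wildcards. Escape any literal % or _
-- that appears in the URL with a backslash so only the exact string matches.
SELECT
    `USER_ID`,
    COUNT(*)       AS `MATCHING_MESSAGES`,
    -- Assumption: POST_ID increases over time, so MIN/MAX bracket the
    -- first and most recent matching message for each account.
    MIN(`POST_ID`) AS `FIRST_POST_ID`,
    MAX(`POST_ID`) AS `LAST_POST_ID`
FROM `ubbt_PRIVATE_MESSAGE_POSTS`
WHERE `POST_BODY` LIKE '%phish.example/log\_in%'
GROUP BY `USER_ID`
ORDER BY `MATCHING_MESSAGES` DESC;
```

The account with the lowest `FIRST_POST_ID` is a reasonable place to start when working out where the messages began.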