Well, this would have probably caught those initial spam messages that got users offsite to their phishing page in the first place.
You might also send out a mass member email notifying people of the issue and notify them to make sure they're at the correct domain name before ever entering their user login information, and notifying them that hijacked user accounts are being locked until the members can email you to have their information reset.
As for finding out who has been sending messages, your best bet is to run this MySQL query from the Control Panel: (CP -> Tools and Information -> Database Tools -> SQL Command Tab)
SELECT `POST_ID`, `USER_ID`, `POST_BODY` FROM `ubbt_PRIVATE_MESSAGE_POSTS` WHERE `POST_BODY` LIKE '%offendingurl%' LIMIT 0,200;
The above database query will query the Private Message Posts table for "offendingurl" (notice the %%, preserve them when changing the string), starting from the first instance to the 200th; you can remove the limit, but depending on how active they've been you can end up with quite a lot of results returned.