Guest Dick K Posted September 20, 2008 Posted September 20, 2008 Is there anyone other than the hosting company to whom to report a malware infested site and is it worth doing so? This morning NOD32 reported that it had quarantined a download of Win32/Adware.Antivirus2008 to my XP system from this (munged)URL: hxxp://groups.google.com/group/tOWAfT/web/zonealarm-crack -- Dick K Quote
Guest David H. Lipman Posted September 20, 2008 Posted September 20, 2008 From: "Dick K" <not@this.com> | Is there anyone other than the hosting company to whom to | report a malware infested site and is it worth doing so? | This morning NOD32 reported that it had quarantined a | download of Win32/Adware.Antivirus2008 to my XP system | from this (munged)URL: | hxxp://groups.google.com/group/tOWAfT/web/zonealarm-crack | -- | Dick K Contact will be made with google. However, the malware is hosted thanx to Directi, part of the Atrivo gang allowing the RBN to host malware. http://voices.washingtonpost.com/securityf...t_as_major.html Read the HostExploits white paper... http://hostexploit.com/index.php?option=co...id=12&Itemid=15 and... http://voices.washingtonpost.com/securityf...estdomains.html http://www.spamhaus.org/news.lasso?article=636 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Galen Posted September 20, 2008 Posted September 20, 2008 My reply is at the bottom of your sent message. In news:ONLz4TyGJHA.1156@TK2MSFTNGP04.phx.gbl, David H. Lipman <DLipman~nospam~@Verizon.Net> typed: <span style="color:blue"> > From: "Dick K" <not@this.com> ><span style="color:green"> >> Is there anyone other than the hosting company to whom to >> report a malware infested site and is it worth doing so? >> This morning NOD32 reported that it had quarantined a >> download of Win32/Adware.Antivirus2008 to my XP system >> from this (munged)URL:</span> ><span style="color:green"> >> hxxp://groups.google.com/group/tOWAfT/web/zonealarm-crack</span> ><span style="color:green"> >> --</span> ><span style="color:green"> >> Dick K</span></span> In addition to David's response I will have to say that it is always a good idea to report the problem to the hosting company IF you can accurately track it. I own a hosting company and we tend to get a half dozen complaints a week (only a couple of which are valid) and we simply check to verify the complaints and then disable the accounts with the exceptions of DMCA take down requests where we take them down first and then give the client a copy of the request and a link to fight the request. I'd like to believe we're mostly typical in those regards. It isn't that there is always someone else. It is that that is the best place to start. We actually only field a half dozen complaints weekly. That includes DMCA, spam, and malware. In most cases it is a matter of their being a script or something on their site that has been compromised we have found. This, obviously, is not true for the entire internet but it is in our case. If it looks obvious, if there's no response, and if this appears to be intentional then the hosting company probably sucks. If that is the case - go to the data center where it is hosted. style_emoticons/ It will be in the whois, tracert, or a dig but it might require some digging. -- Galen My Geek Site: http://kgiii.info Web Hosting: http://whathostingshould.be "It is a capital mistake to theorize before you have all the evidence. It biases the judgment." - Sherlock Holmes Quote
Guest Dick K Posted September 21, 2008 Posted September 21, 2008 David H. Lipman wrote:<span style="color:blue"> > From: "Dick K" <not@this.com> > > | Is there anyone other than the hosting company to whom to > | report a malware infested site and is it worth doing so? > | This morning NOD32 reported that it had quarantined a > | download of Win32/Adware.Antivirus2008 to my XP system > | from this (munged)URL: > > | hxxp://groups.google.com/group/tOWAfT/web/zonealarm-crack > > | -- > > | Dick K > > Contact will be made with google. > > However, the malware is hosted thanx to Directi, part of the Atrivo gang allowing the RBN > to host malware. > > http://voices.washingtonpost.com/securityf...t_as_major.html > > Read the HostExploits white paper... > http://hostexploit.com/index.php?option=co...id=12&Itemid=15 > > and... > http://voices.washingtonpost.com/securityf...estdomains.html > http://www.spamhaus.org/news.lasso?article=636 > > </span> Thank you for contacting Google and for the illuminating references. I think I just became even more paranoid, if that's possible. Ironically I was looking for opinions on ZoneAlarm's ForceField when the "drive by" occurred. -- Dick K Quote
Guest Dick K Posted September 21, 2008 Posted September 21, 2008 Galen wrote:<span style="color:blue"> > My reply is at the bottom of your sent message. > > In news:ONLz4TyGJHA.1156@TK2MSFTNGP04.phx.gbl, > David H. Lipman <DLipman~nospam~@Verizon.Net> typed: > > <span style="color:green"> >> From: "Dick K" <not@this.com> >><span style="color:darkred"> >>> Is there anyone other than the hosting company to whom to >>> report a malware infested site and is it worth doing so? >>> This morning NOD32 reported that it had quarantined a >>> download of Win32/Adware.Antivirus2008 to my XP system >>> from this (munged)URL: >>> hxxp://groups.google.com/group/tOWAfT/web/zonealarm-crack >>> -- >>> Dick K</span></span> > > In addition to David's response I will have to say that it is always a good > idea to report the problem to the hosting company IF you can accurately > track it. I own a hosting company and we tend to get a half dozen complaints > a week (only a couple of which are valid) and we simply check to verify the > complaints and then disable the accounts with the exceptions of DMCA take > down requests where we take them down first and then give the client a copy > of the request and a link to fight the request. I'd like to believe we're > mostly typical in those regards. > > It isn't that there is always someone else. It is that that is the best > place to start. We actually only field a half dozen complaints weekly. That > includes DMCA, spam, and malware. In most cases it is a matter of their > being a script or something on their site that has been compromised we have > found. This, obviously, is not true for the entire internet but it is in our > case. If it looks obvious, if there's no response, and if this appears to > be intentional then the hosting company probably sucks. > > If that is the case - go to the data center where it is hosted. style_emoticons/ It will > be in the whois, tracert, or a dig but it might require some digging. ></span> Thanks for your comments. Good advice for the expert user I'm sure. However as one who would claim only to be experienced I'm afraid I wouldn't be happy messing with a known infected site in an attempt to track the source of malware. Rightly or wrongly that would strike me as altogether too risky. Still, the recent attempt at infection was a once in five years event for me, so hosting companies aren't likely to be burdened with too many of my misdirected complaints. -- Dick K Quote
Guest David H. Lipman Posted September 23, 2008 Posted September 23, 2008 From: "David H. Lipman" <DLipman~nospam~@Verizon.Net> And the follow-up... http://voices.washingtonpost.com/securityf...sed_isp_am.html -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Dick K Posted September 23, 2008 Posted September 23, 2008 David H. Lipman wrote:<span style="color:blue"> > From: "David H. Lipman" <DLipman~nospam~@Verizon.Net> > > And the follow-up... > > http://voices.washingtonpost.com/securityf...sed_isp_am.html > > </span> Good news. Thanks. -- Dick K Quote
Guest 1PW Posted September 23, 2008 Posted September 23, 2008 On 09/20/2008 05:32 AM, Dick K sent:<span style="color:blue"> > Is there anyone other than the hosting company to whom to > report a malware infested site and is it worth doing so? > This morning NOD32 reported that it had quarantined a > download of Win32/Adware.Antivirus2008 to my XP system > from this (munged)URL: > > hxxp://groups.google.com/group/tOWAfT/web/zonealarm-crack > > -- > > Dick K</span> Hello Dick: Not withstanding the quality information from the other posters, you may also wish to state the further truths: Since it would be a statement in fact, then I would state that the Google link takes you to another URL, which in this case is: <http://antispywaremore.com/zonealarm+crack> ....and let these true facts speak for themselves as no liability exists there. My best regards to all. -- 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t] Quote
Guest David H. Lipman Posted September 24, 2008 Posted September 24, 2008 From: "Dick K" <not@this.com> | David H. Lipman wrote:<span style="color:blue"><span style="color:green"> >> From: "David H. Lipman" <DLipman~nospam~@Verizon.Net></span></span> <span style="color:blue"><span style="color:green"> >> And the follow-up...</span></span> <span style="color:blue"><span style="color:green"> >> http://voices.washingtonpost.com/securityf...us_based_isp_am. >> html</span></span> | Good news. Thanks. Not really... http://www.theregister.co.uk/2008/09/24/in...ge_back_online/ -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest kalyan Posted September 25, 2008 Posted September 25, 2008 Hi Just follow the link to Report malware site for public safety http://www.google.com/safebrowsing/report_badware/ -- Warm Regards Kalyan "Dick K" <not@this.com> wrote in message news:%23w$D5mVHJHA.1160@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > David H. Lipman wrote:<span style="color:green"> >> From: "David H. Lipman" <DLipman~nospam~@Verizon.Net> >> >> And the follow-up... >> >> http://voices.washingtonpost.com/securityf...sed_isp_am.html >> >></span> > Good news. Thanks. > > -- > > Dick K </span> Quote
Guest David H. Lipman Posted September 25, 2008 Posted September 25, 2008 From: "kalyan" <reach2kalyan@live.com> | Hi | Just follow the link to Report malware site for public safety | http://www.google.com/safebrowsing/report_badware/ Worthless! Especially in the light that it doen't "contain" malwarejust a link to a malicious site. Now it is pointing to; hot-porntube-08.com -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest David H. Lipman Posted September 25, 2008 Posted September 25, 2008 From: "Dick K" <not@this.com> | Is there anyone other than the hosting company to whom to | report a malware infested site and is it worth doing so? | This morning NOD32 reported that it had quarantined a | download of Win32/Adware.Antivirus2008 to my XP system | from this (munged)URL: | hxxp://groups.google.com/group/tOWAfT/web/zonealarm-crack | -- | Dick K The above Google Group and URL exists no longer :-) -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.