Where does one report a webiste deliberately forcing virus accepta

TheMSsForum.com: The Microsoft Software Forum

When I come across a website that tries to compel acceptance of a virus (in
this case Mhtreder.ge) which enables further hacking, who does one tell? My
impression is that my ISP, Verizon, couldn't care less - I'm utterly on my
own with the help of the Whois account they've set up for their users. This
is despite that their customer support in other areas is pretty good in my
experience.

Using Whois in this case is problematic, as the site, at 4.31.21.33, at a
textually described (from Google) site called

nakedpics.name/britney-spears-clips-sexy/ britneyspearsclipssexy.html

(three guesses what I was surfing for), is either directly held and not
subassigned by Level3, which I understand to be part of GTE, which I
understand to be associated with Verizon. The area is skipped over in a
search for subassignments from the 4.x.x.x-4.x.x.255 netzone holder. Talk
about your self-looping error.

My Panda firewall/virus picked up the named virus or variant being
downloaded via one of those OS-mimetic pop-up windows and which requires
going to task manager and completely nuking the browser to get out of.

By coincidence, or perhaps not, I have been having persistent port scan
attacks from the 4.31.x.y netzone since at least the start of September,
though on certain occasion 4.x.y.z IPs are the remote sender and on rare
occassions it is from Asia.

At any rate, is there a proper place for me to report a website deliberately
virus infecting surfers?
Top

Re: Where does one report a webiste deliberately forcing virus accepta by jjs

jjs
Mon Sep 13 10:41:15 CDT 2004

"nullportal@msn.com" <nullportal@msn.com@discussions.microsoft.com> wrote in
message news:A32D3CA0-E116-4651-BDBA-81AE5C54E845@microsoft.com...
> When I come across a website that tries to compel acceptance of a virus

> nakedpics.name/britney-spears-clips-sexy/ britneyspearsclipssexy.html

Pitty you.


Top

re: Where does one report a webiste deliberately forcing virus accepta by sgopus

sgopus
Mon Sep 13 19:47:10 CDT 2004

If you manage to find someone, let me know too.
You would think ISP's would care more.
I went for 6-9 months of getting daily attacks from this
one site, trying to send me a virus, I did my duty of
reporting to website managers it was a uswest managed
server, nobody responded, nobody did anything, finally I
think it just ran out on it's own, or somebody found it
and removed it, I no longer get the virus attached e-mails.
Never did get an I'm sorry, or a response..



>-----Original Message-----
>When I come across a website that tries to compel
acceptance of a virus (in
>this case Mhtreder.ge) which enables further hacking, who
does one tell? My
>impression is that my ISP, Verizon, couldn't care less -
I'm utterly on my
>own with the help of the Whois account they've set up for
their users. This
>is despite that their customer support in other areas is
pretty good in my
>experience.
>
>Using Whois in this case is problematic, as the site, at
4.31.21.33, at a
>textually described (from Google) site called
>
> nakedpics.name/britney-spears-clips-sexy/
britneyspearsclipssexy.html
>
>(three guesses what I was surfing for), is either
directly held and not
>subassigned by Level3, which I understand to be part of
GTE, which I
>understand to be associated with Verizon. The area is
skipped over in a
>search for subassignments from the 4.x.x.x-4.x.x.255
netzone holder. Talk
>about your self-looping error.
>
>My Panda firewall/virus picked up the named virus or
variant being
>downloaded via one of those OS-mimetic pop-up windows and
which requires
>going to task manager and completely nuking the browser
to get out of.
>
>By coincidence, or perhaps not, I have been having
persistent port scan
>attacks from the 4.31.x.y netzone since at least the
start of September,
>though on certain occasion 4.x.y.z IPs are the remote
sender and on rare
>occassions it is from Asia.
>
>At any rate, is there a proper place for me to report a
website deliberately
>virus infecting surfers?
>.
>
Top

Re: Where does one report a webiste deliberately forcing virus accepta by N

N
Mon Sep 13 20:48:50 CDT 2004

In article <A32D3CA0-E116-4651-BDBA-81AE5C54E845@microsoft.com>, =?Utf-8?B?
bnVsbHBvcnRhbEBtc24uY29t?= says...

> When I come across a website that tries to compel acceptance of a virus (in
> this case Mhtreder.ge) which enables further hacking, who does one tell? My
> impression is that my ISP, Verizon, couldn't care less - I'm utterly on my
> own with the help of the Whois account they've set up for their users. This
> is despite that their customer support in other areas is pretty good in my
> experience.

> Using Whois in this case is problematic, as the site, at 4.31.21.33, at a
> textually described (from Google) site called

> nakedpics.name/britney-spears-clips-sexy/ britneyspearsclipssexy.html

No problem for me. A Sam Spade Whois search on the IP address revealed that
the entire range of IP addresses identified by CIDR as 4.0.0.0/8 belongs to
Level3 Communications. Sam Spade also tells me that "abuse" is the
registered account name at "level3.com" to report such malicious activity.
Whether Level3 Commucnications even listens, much less acts, is another
story entirely.

> ...(three guesses what I was surfing for)...

I'll pass, thank you.

> is either directly held and not subassigned by Level3, which I understand
> to be part of GTE...

Um, you got that backwards. At least according to an online search that I
ran on Genuity:

http://www.level3.com/genuity/

> ...which I understand to be associated with Verizon.

Level3 Communications claims that the largest local telephone companies in
the U.S. are customers. I know that SBC is one of them; I get a Level3 IP
address when I run a dial-up connection with an SBC POP. I imagine that
Verizon is also a Level3 customer.

> The area is skipped over in a search for subassignments from the
> 4.x.x.x-4.x.x.255 netzone holder. Talk about your self-looping error.

I would not know how to calculate the IP range taken by SBC. Apparently
either SBC has not requested a "SWIPPed" block from Level3, or Level3 will
not SWIP blocks to their customers.

<snip>

> At any rate, is there a proper place for me to report a website deliberately
> virus infecting surfers?

Since the IP address in question, [4.31.21.33], seems to be directly
allocated to Level3 Communications, the registered abuse address for Level3
would seem to be appropriate: 'abuse' (at) 'leve3.com'...according to Sam
Spade.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
Top

re: Where does one report a webiste deliberately forcing virus accepta by Horatio

Horatio
Tue Sep 14 10:56:44 CDT 2004

>-----Original Message-----
>If you manage to find someone, let me know too. You would
>think ISP's would care more. I went for 6-9 months of
>getting daily attacks from this one site, trying to send
>me a virus, I did my duty of reporting to website
>managers it was a uswest managed server, nobody
>responded, nobody did anything, finally I think it just
>ran out on it's own, or somebody found it and removed
>it, I no longer get the virus attached e-mails.
>
>Never did get an I'm sorry, or a response..

Pus, stop your whining!
___________________________________________________________
This posting is provided with some warranties and confers
certain rights to you. For details on what your rights
are, send an email to horatiosanz121382@hotmail.com

Top

Re: Where does one report a webiste deliberately forcing virus accepta by BeamGuy

BeamGuy
Wed Sep 15 09:07:26 CDT 2004

You might also submit your information here. I have found them to
be useful in the past...

http://isc.sans.org/contact.php





"sgopus" <anonymous@discussions.microsoft.com> wrote in message news:18d601c499f4$5e185760$a501280a@phx.gbl...
> If you manage to find someone, let me know too.
> You would think ISP's would care more.
> I went for 6-9 months of getting daily attacks from this
> one site, trying to send me a virus, I did my duty of
> reporting to website managers it was a uswest managed
> server, nobody responded, nobody did anything, finally I
> think it just ran out on it's own, or somebody found it
> and removed it, I no longer get the virus attached e-mails.
> Never did get an I'm sorry, or a response..
>
>
>
> >-----Original Message-----
> >When I come across a website that tries to compel
> acceptance of a virus (in
> >this case Mhtreder.ge) which enables further hacking, who
> does one tell? My
> >impression is that my ISP, Verizon, couldn't care less -
> I'm utterly on my
> >own with the help of the Whois account they've set up for
> their users. This
> >is despite that their customer support in other areas is
> pretty good in my
> >experience.
> >
> >Using Whois in this case is problematic, as the site, at
> 4.31.21.33, at a
> >textually described (from Google) site called
> >
> > nakedpics.name/britney-spears-clips-sexy/
> britneyspearsclipssexy.html
> >
> >(three guesses what I was surfing for), is either
> directly held and not
> >subassigned by Level3, which I understand to be part of
> GTE, which I
> >understand to be associated with Verizon. The area is
> skipped over in a
> >search for subassignments from the 4.x.x.x-4.x.x.255
> netzone holder. Talk
> >about your self-looping error.
> >
> >My Panda firewall/virus picked up the named virus or
> variant being
> >downloaded via one of those OS-mimetic pop-up windows and
> which requires
> >going to task manager and completely nuking the browser
> to get out of.
> >
> >By coincidence, or perhaps not, I have been having
> persistent port scan
> >attacks from the 4.31.x.y netzone since at least the
> start of September,
> >though on certain occasion 4.x.y.z IPs are the remote
> sender and on rare
> >occassions it is from Asia.
> >
> >At any rate, is there a proper place for me to report a
> website deliberately
> >virus infecting surfers?
> >.
> >


Top