Email Spam Filter:
jwSpamSpy
Try it for free!


About spam / "419" / Blog
jwSpamSpy
Recent spam domains
Spam domain blacklist

Software
Links
joewein.de
joewein.net
Contact
Google

 

Chello.at ignores virus reports for two months

Last updated: 2004-06-21

Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus send will remain unaware he/she is sending out viruses on a daily basis and more and more computers will get infected.

We are receiving viruses from a particular customer at chello.at, a major Austrian ISP for two months after first notifying the company. At this time we still have not received any response from their abuse department.

Notifications sent:

  • 2004-04-18
  • 2004-04-24
  • 2004-05-02
  • 2004-05-22
  • 2004-05-24
  • 2004-05-26
  • 2004-06-08
  • 2004-06-21
Here is a sample header of one of the Netsky Virus mails abusing one of my addresses as a sender address:
Received: from inbox.nytimes.com (chello080109227172.1.klafu.surfer.at [80.109.227.172])
 by ms2.lga2.nytimes.com (Postfix) with ESMTP id 15DE6273197
 for <announce@inbox.nytimes.com>; Sun, 20 Jun 2004 06:07:26 -0400 (EDT)
From: myname@mydomain
To: announce@inbox.nytimes.com
Subject: Mail Delivery (failure announce@inbox.nytimes.com)
Date: Sun, 20 Jun 2004 12:08:39 +0200
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative";
 boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040620100726.15DE6273197@ms2.lga2.nytimes.com>


Here is the Whois-entry for the IP-range:

     inetnum:      80.109.224.0 - 80.109.231.255
     netname:      KLAFU-CUSTOMER-DOCSIS
     descr:        chello Austria
     descr:        Customers in Klagenfurt
     country:      AT
     admin-c:      HMCB1-RIPE
     tech-c:       HMCB1-RIPE
     status:       ASSIGNED PA
     remarks:      Contact abuse@chello.at concerning criminal
     remarks:      activities like spam, hacks, portscans
     notify:       hostmaster@chello.at
     mnt-by:       CHELLO-MNT
     changed:      hostmaster@chello.at 20031117
     source:       RIPE
     
     route:        80.109.0.0/16
     descr:        UPC Technology
     origin:       AS6830
     mnt-by:       CHELLO-MNT
     changed:      hostmaster@chello.at 20020716
     source:       RIPE
     
     role:         Hostmaster Chello Broadband
     address:      UPC Technology
     address:      Internet Services
     address:      Erlachplatz 116
     address:      A-1100 Vienna
     address:      Austria
     phone:        +43 1 96068 5000
     fax-no:       +43 1 96068 5666
     e-mail:       hostmaster@chello.at
     admin-c:      AK991-RIPE
     tech-c:       SB666-RIPE
     tech-c:       MS2509-RIPE
     tech-c:       AK991-RIPE
     nic-hdl:      HMCB1-RIPE
     notify:       hostmaster@chello.at
     mnt-by:       CHELLO-MNT
     changed:      hostmaster@chello.at 20040204
     source:       RIPE


Anti-Virus Resources:
jwSpamSpy is our spam+virus filtering software

Clueless virus filters spam innocent third parties

The Virus Ward: ISPs that appear to ignore reports of infected customer machines
NTL Internet (NTLI.net) ignores virus reports for almost three months
Wellcom.at ignores virus reports for six weeks
Dialog.net.pl ignores virus reports for three weeks
bhartibroadband.com ignores virus reports