jwSpamSpy Recent spam domains Spam domain blacklist
Links joewein.de joewein.net Contact |
|
|
NTLI.net ignores virus reports
See also:Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus sender will remain unaware that he/she is infected and sending out viruses on a daily basis. As a resut, more and more computers are in danger of getting infected.
On March 11, 2004 we first reported receiving viruses (Netsky) from a particular customer at ntli.net, a UK-based ISP. The last virus (so far) arrived on June 2, 2004.
Neither the abuse-address nor the rather complicated webform that NTLI insists people use if they don't want their reports ignored yielded any meaningful results. The fax number given in the webform response was not contactable.
Here is the WHOIS-record:
Here is a sample of an email notification to NTLI:
When email notifications did not have any effect, we contacted NTL Internet via their webform. We received the following response:
Anti-Virus Resources:
Clueless virus filters spam innocent third parties
The Virus Ward: ISPs that appear to ignore reports of infected customer machines inetnum: 80.5.0.0 - 80.5.63.255
netname: NTL
descr: NTL Baguley - Cable Headend
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
changed: hostmaster@ntli.net 20020417
changed: hostmaster@ntli.net 20020815
source: RIPE
route: 80.0.0.0/13
descr: NTL-UK-IP-BLOCK
origin: AS5089
mnt-by: AS5089-MNT
changed: neil.parker@ntl.com 20010426
source: RIPE
role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA
trouble: -------------------------------------------------------
trouble: For abuse notifications please -
trouble: file an online case @ http://www.ntlworld.com/netreport
trouble: +44 2920 305142
trouble: -------------------------------------------------------
trouble: For peering issues/requests please -
trouble: email : peering@ntli.net
trouble: -------------------------------------------------------
admin-c: MH22007-RIPE
admin-c: CF2297-RIPE
admin-c: CM1377-RIPE
tech-c: MH22007-RIPE
tech-c: CF2297-RIPE
tech-c: CM1377-RIPE
nic-hdl: NNMC1-RIPE
mnt-by: AS5089-MNT
notify: data.planning@ntl.com
e-mail: data.planning@ntl.com
changed: hostmaster@ntli.net 20020815
changed: hostmaster@ntli.net 20020913
changed: hostmaster@ntli.net 20030328
changed: hostmaster@ntli.net 20030401
changed: hostmaster@ntli.net 20030603
changed: hostmaster@ntli.net 20030707
changed: hostmaster@ntli.net 20040303
changed: hostmaster@ntli.net 20040312
source: RIPEVirus from 80.5.30.141
We have received a virus-email from your network.
The virus-email contained the following dangerous attachment:
File name: all_document.pif
File type: pif
BASE64-encoded size: 24034
Here is the mail header of the virus mail:
Received: from mydomain ([80.5.30.141]) by myhost.mydomain
with Microsoft SMTPSVC(5.0.2195.6713); Tue, 1 Jun 2004 12:17:37 -0700
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
From: someinnocentguy@someinnocentisp
To: myname@mydomain
Subject: Re: Approved
Date: Tue, 1 Jun 2004 20:16:47 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_00006893.00007D36"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <someinnocentguy@someinnocentisp>
Message-ID: >DEWEYde13YDLVBXbpEk00000a96@ourisp>
X-OriginalArrivalTime: 01 Jun 2004 19:17:37.0468 (UTC)
FILETIME=[199C87C0:01C4480D]
Note that this email arrived from an invalid email address. You can not reply to it, should you wish to engage "in any further correspondance" about the problem. Similar autoresponder messages were received on May 13, May 26 and June 1, 2004. Six weeks after the above first response no action had been taken. When we tried to contact NTLI by fax on June 2, 2004 the above fax number was always busy, even in the middle of the night.
From: <noreply@ntl.invalid>
To: <myname@myisp>
Sent: Monday, 19 April, 2004 16:25
Subject: Confirmation receipt of report to ntl Acceptable Use Policy team, ref: 6255
****************************************
**PLEASE NOTE THIS IS AN AUTORESPONDER**
****************************************
Dear Joe Wein
please accept this email as confirmation of our having received your
Internet abuse report/Security related enquiry.
Your report has been assigned the following reference number:6255
Please quote this reference in any further correspondance when
refering to this complaint.
Regards.
Acceptable Use Policy Team - Internet Abuse & Security
Group Risk Assurance, Financial Control Division, ntl
Tel No. +44 (0)29 2030 5142
Fax No. +44 (0)29 2030 5076
Opening Hrs: Mon - Fri 0800-1600 hrs
http://www.ntlworld.com/help/aup/index.html
http://www.ntlworld.com/netreport
http://www.ntlworld.com/help/aup/netreporthelp.html
********************************
*Latest News and Ongoing Issues*
********************************
Older Articles are available at http://aup.ntl.com
[remainder of NTLI response snipped, JW]
jwSpamSpy is our spam+virus filtering software
NTL Internet (NTLI.net) ignores virus reports for almost three months
Wellcom.at ignores virus reports for six weeks
Dialog.net.pl ignores virus reports for three weeks
bhartibroadband.com ignores virus reports