jwSpamSpy Recent spam domains Spam domain blacklist
Links joewein.de joewein.net Contact |
|
|
NTLI.net ignores virus reports
See also:Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus sender will remain unaware that he/she is infected and sending out viruses on a daily basis. As a resut, more and more computers are in danger of getting infected.
On March 11, 2004 we first reported receiving viruses (Netsky) from a particular customer at ntli.net, a UK-based ISP. The last virus (so far) arrived on June 2, 2004.
Neither the abuse-address nor the rather complicated webform that NTLI insists people use if they don't want their reports ignored yielded any meaningful results. The fax number given in the webform response was not contactable.
inetnum: 80.5.0.0 - 80.5.63.255 netname: NTL descr: NTL Baguley - Cable Headend country: GB admin-c: NNMC1-RIPE tech-c: NNMC1-RIPE status: ASSIGNED PA mnt-by: AS5089-MNT changed: hostmaster@ntli.net 20020417 changed: hostmaster@ntli.net 20020815 source: RIPE route: 80.0.0.0/13 descr: NTL-UK-IP-BLOCK origin: AS5089 mnt-by: AS5089-MNT changed: neil.parker@ntl.com 20010426 source: RIPE role: NTLI Network Management Centre address: NTL Internet address: Crawley Court address: Winchester address: Hampshire address: SO21 2QA trouble: ------------------------------------------------------- trouble: For abuse notifications please - trouble: file an online case @ http://www.ntlworld.com/netreport trouble: +44 2920 305142 trouble: ------------------------------------------------------- trouble: For peering issues/requests please - trouble: email : peering@ntli.net trouble: ------------------------------------------------------- admin-c: MH22007-RIPE admin-c: CF2297-RIPE admin-c: CM1377-RIPE tech-c: MH22007-RIPE tech-c: CF2297-RIPE tech-c: CM1377-RIPE nic-hdl: NNMC1-RIPE mnt-by: AS5089-MNT notify: data.planning@ntl.com e-mail: data.planning@ntl.com changed: hostmaster@ntli.net 20020815 changed: hostmaster@ntli.net 20020913 changed: hostmaster@ntli.net 20030328 changed: hostmaster@ntli.net 20030401 changed: hostmaster@ntli.net 20030603 changed: hostmaster@ntli.net 20030707 changed: hostmaster@ntli.net 20040303 changed: hostmaster@ntli.net 20040312 source: RIPE
Here is a sample of an email notification to NTLI:
Virus from 80.5.30.141 We have received a virus-email from your network. The virus-email contained the following dangerous attachment: File name: all_document.pif File type: pif BASE64-encoded size: 24034 Here is the mail header of the virus mail: Received: from mydomain ([80.5.30.141]) by myhost.mydomain with Microsoft SMTPSVC(5.0.2195.6713); Tue, 1 Jun 2004 12:17:37 -0700 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 From: someinnocentguy@someinnocentisp To: myname@mydomain Subject: Re: Approved Date: Tue, 1 Jun 2004 20:16:47 +0100 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0006_00006893.00007D36" X-Priority: 3 X-MSMail-Priority: Normal Return-Path: <someinnocentguy@someinnocentisp> Message-ID: >DEWEYde13YDLVBXbpEk00000a96@ourisp> X-OriginalArrivalTime: 01 Jun 2004 19:17:37.0468 (UTC) FILETIME=[199C87C0:01C4480D]
When email notifications did not have any effect, we contacted NTL Internet via their webform. We received the following response:
Note that this email arrived from an invalid email address. You can not reply to it, should you wish to engage "in any further correspondance" about the problem. Similar autoresponder messages were received on May 13, May 26 and June 1, 2004. Six weeks after the above first response no action had been taken. When we tried to contact NTLI by fax on June 2, 2004 the above fax number was always busy, even in the middle of the night.From: <noreply@ntl.invalid> To: <myname@myisp> Sent: Monday, 19 April, 2004 16:25 Subject: Confirmation receipt of report to ntl Acceptable Use Policy team, ref: 6255 **************************************** **PLEASE NOTE THIS IS AN AUTORESPONDER** **************************************** Dear Joe Wein please accept this email as confirmation of our having received your Internet abuse report/Security related enquiry. Your report has been assigned the following reference number:6255 Please quote this reference in any further correspondance when refering to this complaint. Regards. Acceptable Use Policy Team - Internet Abuse & Security Group Risk Assurance, Financial Control Division, ntl Tel No. +44 (0)29 2030 5142 Fax No. +44 (0)29 2030 5076 Opening Hrs: Mon - Fri 0800-1600 hrs http://www.ntlworld.com/help/aup/index.html http://www.ntlworld.com/netreport http://www.ntlworld.com/help/aup/netreporthelp.html ******************************** *Latest News and Ongoing Issues* ******************************** Older Articles are available at http://aup.ntl.com [remainder of NTLI response snipped, JW]
Anti-Virus Resources:
jwSpamSpy is our spam+virus filtering software
Clueless virus filters spam innocent third parties
The Virus Ward: ISPs that appear to ignore reports of infected customer machines
NTL Internet (NTLI.net) ignores virus reports for almost three months
Wellcom.at ignores virus reports for six weeks
Dialog.net.pl ignores virus reports for three weeks
bhartibroadband.com ignores virus reports