Chello.at ignores virus reports for two monthsLast updated: 2004-06-21
Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus send will remain unaware he/she is sending out viruses on a daily basis and more and more computers will get infected.
We are receiving viruses from a particular customer at chello.at, a major Austrian ISP for two months after first notifying the company. At this time we still have not received any response from their abuse department.
Received: from inbox.nytimes.com (chello080109227172.1.klafu.surfer.at [126.96.36.199]) by ms2.lga2.nytimes.com (Postfix) with ESMTP id 15DE6273197 for <firstname.lastname@example.org>; Sun, 20 Jun 2004 06:07:26 -0400 (EDT) From: myname@mydomain To: email@example.com Subject: Mail Delivery (failure firstname.lastname@example.org) Date: Sun, 20 Jun 2004 12:08:39 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_001B_01C0CA80.6B015D10" X-Priority: 3 X-MSMail-Priority: Normal Message-Id: <20040620100726.15DE6273197@ms2.lga2.nytimes.com>
Here is the Whois-entry for the IP-range:
inetnum: 188.8.131.52 - 184.108.40.206 netname: KLAFU-CUSTOMER-DOCSIS descr: chello Austria descr: Customers in Klagenfurt country: AT admin-c: HMCB1-RIPE tech-c: HMCB1-RIPE status: ASSIGNED PA remarks: Contact email@example.com concerning criminal remarks: activities like spam, hacks, portscans notify: firstname.lastname@example.org mnt-by: CHELLO-MNT changed: email@example.com 20031117 source: RIPE route: 220.127.116.11/16 descr: UPC Technology origin: AS6830 mnt-by: CHELLO-MNT changed: firstname.lastname@example.org 20020716 source: RIPE role: Hostmaster Chello Broadband address: UPC Technology address: Internet Services address: Erlachplatz 116 address: A-1100 Vienna address: Austria phone: +43 1 96068 5000 fax-no: +43 1 96068 5666 e-mail: email@example.com admin-c: AK991-RIPE tech-c: SB666-RIPE tech-c: MS2509-RIPE tech-c: AK991-RIPE nic-hdl: HMCB1-RIPE notify: firstname.lastname@example.org mnt-by: CHELLO-MNT changed: email@example.com 20040204 source: RIPE
The Virus Ward: ISPs that appear to ignore reports of infected customer machines