To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Exactly what I was thinking. I received a call from a small business who uses 
the aforementioned hosting provider saying their web site was just a white 
page. I checked it out and sure enough it was infected with the iframe hack.
 
I started viewing other websites on that server and found others who had the 
same issue. I wanted to start contacting the web site owners and notifying 
them, but thought I better find out what others think about a move like that.
 
I too am blocking access to those websites. I'd rather explain why they're 
blocked than to explain why someone got infected.
 
By default, we filter all iframe code anyway, but I'd like to just block those 
websites too.
 
Thank you for your response.

________________________________

From: J. Oquendo [mailto:[EMAIL PROTECTED]
Sent: Mon 1/22/2007 7:37 AM
To: Thomas Raef
Cc: William Atchison; [email protected]
Subject: Re: [botnets] Massively Infected Host



Thomas Raef wrote:
> Is it considered wrong or tacky or inappropriate to contact the
> webmasters at the infected domains and let them know?
> 
> Or is that considered responsible?
> 
> I would really like to know.

I would say it depends on the actual host. In this instance (iPower*)
it's obvious that they've been infected for quite some time and they
have been notified as can be seen via Google searches for terms like
"infection" +virus +iPowerweb. It would be nice if network operators
joined in and blocked flagrant hosts until they got their act together.
Something akin to an RBL only tailored for malware/virus infected
websites. Right now I took the time to block out the entire netblock on
about 30+ geographically dispersed networks I maintain and manage. I
look at it like this, I would rather a user contact me asking why
something is blocked and explaining it as opposed to leaving it open and
ripe for infecting users on any network I maintain. What I have noticed
with some domains/networks/operators is, when you contact them and CC it
to, say, a list, whether it's a networking list, a security list, etc.,
they're more inclined to fix things. To some this may be tacky, some may
find it unprofessional but I find it gets the job done. Perhaps a
warning in your email, "Next message will be sent to network mailing
lists..."


--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams



_______________________________________________
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
