Dialog.net.pl ignores virus reports for three weeks
Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus send will remain unaware he/she is sending out viruses on a daily basis and more and more computers will get infected.
We received viruses from a particular customer at dialog.net.pl, a Polish ISP for a period of three weeks after first notifying the company.
To: firstname.lastname@example.org Subject: Virus from xdsl-649.lubin.dialog.net.pl [188.8.131.52] We have received a virus-email from your network. The virus-email contained the following dangerous attachment: File name: .xx.pif File type: pif BASE64-encoded size: 35786 Here is the mail header of the virus mail: Received: from xdsl-649.lubin.dialog.net.pl ([184.108.40.206] helo=drogenpolitik.org) by delta.mc1.hosteurope.de with esmtp (Exim 4.34) id 1BZQXV-0008Ht-FN for myname@mydomain; Sun, 13 Jun 2004 10:41:12 +0200 From: name@domain To: myname@mydomain Subject: Re: document Date: Sun, 13 Jun 2004 10:49:25 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0002_00007D82.00003726" X-Priority: 3 X-MSMail-Priority: Normal Message-Id: <20040613084133.CD4599A0D1@host.mydomain>
The Virus Ward: ISPs that appear to ignore reports of infected customer machines