Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
jwSpamSpy
Try it for free!

Google
 

Dialog.net.pl ignores virus reports for three weeks

Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus send will remain unaware he/she is sending out viruses on a daily basis and more and more computers will get infected.

We received viruses from a particular customer at dialog.net.pl, a Polish ISP for a period of three weeks after first notifying the company.

Notifications sent:

  • 2004-05-22
  • 2004-05-24
  • 2004-05-28
  • 2004-06-19
  • 2004-06-01
  • 2004-06-03
  • 2004-06-04
  • 2004-06-05
  • 2004-06-14
On 2004-06-16 we received a reply, letting as know the abuse department had identified and warned the owner of the system. Since then we have received further viruses, virtually every day.
To: abuse@dialog.net.pl
Subject: Virus from xdsl-649.lubin.dialog.net.pl [81.168.162.137]

We have received a virus-email from your network.

The virus-email contained the following dangerous attachment:
    File name: .xx.pif
    File type: pif
    BASE64-encoded size: 35786

Here is the mail header of the virus mail:

Received: from xdsl-649.lubin.dialog.net.pl ([81.168.162.137] 
 helo=drogenpolitik.org) by delta.mc1.hosteurope.de with esmtp
 (Exim 4.34) id 1BZQXV-0008Ht-FN for myname@mydomain;
 Sun, 13 Jun 2004 10:41:12 +0200
From: name@domain
To: myname@mydomain
Subject: Re: document
Date: Sun, 13 Jun 2004 10:49:25 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0002_00007D82.00003726"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040613084133.CD4599A0D1@host.mydomain>

Anti-Virus Resources:
jwSpamSpy is our spam+virus filtering software

Clueless virus filters spam innocent third parties

The Virus Ward: ISPs that appear to ignore reports of infected customer machines
NTL Internet (NTLI.net) ignores virus reports for almost three months
Wellcom.at ignores virus reports for six weeks
Dialog.net.pl ignores virus reports for three weeks
bhartibroadband.com ignores virus reports