Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
jwSpamSpy
Try it for free!

Google
 

bhartibroadband.com ignores virus reports

Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus sender will remain unaware that he/she is infected and sending out viruses on a daily basis. As a resut, more and more computers are in danger of getting infected.

On April 7, 2004 I received a virus email (Netsky) from a customer at bhartibroadband.com, a broadband ISP based in Delhi and other cities in India. I reported it the next day. As I write these lines, at the beginning of June 2004, that customer is still connected, still infected and still sending us viruses on a daily basis.

Here is the WHOIS-record:

     inetnum:      61.247.224.0 - 61.247.239.0
     netname:      BHARTI-IN
     descr:        For DSL Customer North
     descr:        Bharti Broadband Network Ltd.
     descr:        234
     descr:        Okhla Industrial Area
     descr:        Phase III
     descr:        Delhi
     descr:        India
     country:      IN
     admin-c:      NA40-AP
     tech-c:       NA40-AP
     mnt-by:       MAINT-IN-BBIL
     status:       ASSIGNED NON-PORTABLE
     changed:      techsupport@bhartibroadband.com  20031113
     source:       APNIC
     
     person:       Network Administrator
     address:      Bharti BT Internet Ltd.,D-189,Okhla Ind. Area,
     address:      New Delhi,INDIA-110020
     country:      IN
     phone:        11-6810088
     fax-no:       11-6810083
     e-mail:       techsupport@bhartibroadband.com
     nic-hdl:      NA40-AP
     mnt-by:       MAINT-IN-BBIL
     changed:      techsupport@bhartibroadband.com 20010813
     source:       APNIC

Here is a sample of the virus header:

Received: from mydomain ([61.247.235.188]) by myhost.mydomain
          (Post.Office MTA v3.5.3 release 223 ID# 0-58414U4500L450S0V35)
          with ESMTP id net for <myname@mydomain>;
          Wed, 7 Apr 2004 03:06:57 -0700
From: someinnocentguy@someinnocentisp
To: myname@mydomain
Subject: Mail Delivery (failure myname@mydomain)
Date: Wed, 7 Apr 2004 15:39:25 +0530
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative";
boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal

Anti-Virus Resources:
jwSpamSpy is our spam+virus filtering software

Clueless virus filters spam innocent third parties

The Virus Ward: ISPs that appear to ignore reports of infected customer machines
NTL Internet (NTLI.net) ignores virus reports for almost three months
Wellcom.at ignores virus reports for six weeks
Dialog.net.pl ignores virus reports for three weeks
bhartibroadband.com ignores virus reports