Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Online fraud

Email Spam Filter:
Try it for free!

Google ignores virus reports for ten weeks

Last updated: 2004-06-15

Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus send will remain unaware he/she is sending out viruses on a daily basis and more and more computers will get infected.

We are receiving viruses from a particular customer at, an Austrian ISP for two and a half months after first notifying the company. We still have not received any response from their abuse department.

Notifications sent:

  • 2004-04-15
  • 2004-04-19
  • 2004-05-02
  • 2004-05-05
  • 2004-05-13
  • 2004-05-17
  • 2004-05-18
  • 2004-05-20
  • 2004-05-25
  • 2004-05-27
  • 2004-06-03
  • 2004-06-07
  • 2004-06-09
  • 2004-06-14
  • 2004-06-30
Betreff:	'netsky'-Virus von

Wir haben eine Viren-Mail von einem Ihrer Kunden bzw. aus Ihrem 
Netzwerk erhalten.

Vom selben Kunden erhalten wir bereits sechs Wochen Virenmails. 
Dies haben wir Ihrer Abuse-Abteilung zwischen 15.4. und 27.5. 
insgesamt 10mal per Email mitgeteilt.

Die aktuelle Mail enthielt folgenden gefaehrlichen Dateianhang:
    Dateiname: your_document.pif
    Dateityp: pif
    BASE64-verschluesselte Laenge: 23882

Hier sind Virenmail-Headerzeilen:

Received: from [] ( by with esmtp (Exim 4.34) id 1BTaKQ-00080q-1N
 for; Fri, 28 May 2004 07:54:52 +0200
Subject: Re: Document
Date: Fri, 28 May 2004 08:12:29 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0011_0000117B.00004ACB"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <>


Joe Wein

Here is the Whois-entry for the IP-range:

     inetnum: -
     netname:      ASN-BGLD
     descr:        Schulvernetzung Burgenland
     country:      AT
     admin-c:      KP4431-RIPE
     admin-c:      RP1126
     tech-c:       WA527-RIPE
     status:       ASSIGNED PA
     mnt-by:       ACONET-LIR-MNT
     changed: 19970517
     changed: 20010510
     source:       RIPE
     descr:        LSR-BGLD
     origin:       AS1119
     mnt-by:       AS1119-MNT
     changed: 19980529
     source:       RIPE
     role:         Wellcom Admin
     address:      Austria
     phone:        +43 2682 704 330
     fax-no:       +43 2682 704 3318
     trouble:      mailto:
     admin-c:      KM6164-RIPE
     tech-c:       NA568-RIPE
     tech-c:       CS3143-RIPE
     tech-c:       RK5478-RIPE
     nic-hdl:      WA527-RIPE
     remarks:      Role Object Wellcom
     mnt-by:       AS8559-MNT
     changed: 20001214
     source:       RIPE
     person:       Raphaela Psihoda
     address:      BM f. Bildung, Wissenschaft und Kultur
     address:      Abt. Z/3
     address:      A-1014 Wien, Minoritenplatz 5
     phone:        +43 1 53120 2704
     fax-no:       +43 1 53120 2799
     nic-hdl:      RP1126
     mnt-by:       ACONET-LIR-MNT
     changed: 20000502
     changed: 20020926
     source:       RIPE
     person:       Klaus Pogats
     address:      Landesschulrat fuer Burgenland
     address:      Kernausteig 3
     address:      A-7000 Eisenstadt
     address:      Austria
     phone:        +43 2682 710 227
     fax-no:       +43 2682 710 79
     nic-hdl:      KP4431-RIPE
     mnt-by:       ACONET-LIR-MNT
     changed: 20010510
     source:       RIPE

Anti-Virus Resources:
jwSpamSpy is our spam+virus filtering software

Clueless virus filters spam innocent third parties

The Virus Ward: ISPs that appear to ignore reports of infected customer machines
NTL Internet ( ignores virus reports for almost three months ignores virus reports for six weeks ignores virus reports for three weeks ignores virus reports