Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
jwSpamSpy
Try it for free!

Google
 

Wellcom.at ignores virus reports for ten weeks

Last updated: 2004-06-15

Current virus senders do not leave an email address that one could contact. The only trace a recipient can follow to track down the sender is the sender's IP address. From that the ISP responsible for the address range can be determined. However, if the ISP is notified but ignores such notifications or for other reasons takes no action, there is nothing that can be done. The virus send will remain unaware he/she is sending out viruses on a daily basis and more and more computers will get infected.

We are receiving viruses from a particular customer at wellcom.at, an Austrian ISP for two and a half months after first notifying the company. We still have not received any response from their abuse department.

Notifications sent:

  • 2004-04-15
  • 2004-04-19
  • 2004-05-02
  • 2004-05-05
  • 2004-05-13
  • 2004-05-17
  • 2004-05-18
  • 2004-05-20
  • 2004-05-25
  • 2004-05-27
  • 2004-06-03
  • 2004-06-07
  • 2004-06-09
  • 2004-06-14
  • 2004-06-30
An:		abuse@wellcom.at
Betreff:	'netsky'-Virus von 193.171.248.49

Wir haben eine Viren-Mail von einem Ihrer Kunden bzw. aus Ihrem 
Netzwerk erhalten.

Vom selben Kunden erhalten wir bereits sechs Wochen Virenmails. 
Dies haben wir Ihrer Abuse-Abteilung zwischen 15.4. und 27.5. 
insgesamt 10mal per Email mitgeteilt.

Die aktuelle Mail enthielt folgenden gefaehrlichen Dateianhang:
    Dateiname: your_document.pif
    Dateityp: pif
    BASE64-verschluesselte Laenge: 23882

Hier sind Virenmail-Headerzeilen:

-----
Received: from [193.171.248.49] (helo=drogenpolitik.org) by 
 delta.mc1.hosteurope.de with esmtp (Exim 4.34) id 1BTaKQ-00080q-1N
 for webmaster@drogenpolitik.org; Fri, 28 May 2004 07:54:52 +0200
From: schoch@sheba.arc.nasa.gov
To: webmaster@drogenpolitik.org
Subject: Re: Document
Date: Fri, 28 May 2004 08:12:29 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0011_0000117B.00004ACB"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040528055515.A93D5C895E@majesty.pobox.com>
-----

MfG

Joe Wein
joewein@pobox.com


Here is the Whois-entry for the IP-range:

     inetnum:      193.171.248.0 - 193.171.248.255
     netname:      ASN-BGLD
     descr:        Schulvernetzung Burgenland
     country:      AT
     admin-c:      KP4431-RIPE
     admin-c:      RP1126
     tech-c:       WA527-RIPE
     status:       ASSIGNED PA
     notify:       c.schuster@wellcom.at
     mnt-by:       ACONET-LIR-MNT
     changed:      Woeber@UniVie.ac.at 19970517
     changed:      woeber@univie.ac.at 20010510
     source:       RIPE
     
     route:        193.171.248.0/24
     descr:        LSR-BGLD
     origin:       AS1119
     mnt-by:       AS1119-MNT
     changed:      raphaela.psihoda@bmuvie.gv.at 19980529
     source:       RIPE
     
     role:         Wellcom Admin
     address:      Austria
     phone:        +43 2682 704 330
     fax-no:       +43 2682 704 3318
     e-mail:       info@wellcom.at
     trouble:      mailto: info@wellcom.at
     admin-c:      KM6164-RIPE
     tech-c:       NA568-RIPE
     tech-c:       CS3143-RIPE
     tech-c:       RK5478-RIPE
     nic-hdl:      WA527-RIPE
     remarks:      Role Object Wellcom
     notify:       c.schuster@wellcom.at
     notify:       albler@nts.at
     mnt-by:       AS8559-MNT
     changed:      c.schuster@wellcom.at 20001214
     source:       RIPE
     
     person:       Raphaela Psihoda
     address:      BM f. Bildung, Wissenschaft und Kultur
     address:      Abt. Z/3
     address:      A-1014 Wien, Minoritenplatz 5
     phone:        +43 1 53120 2704
     fax-no:       +43 1 53120 2799
     e-mail:       Raphaela.Psihoda@bmbwk.gv.at
     nic-hdl:      RP1126
     notify:       Raphaela.Psihoda@bmbwk.gv.at
     mnt-by:       ACONET-LIR-MNT
     changed:      Raphaela.Psihoda@bmuk.gv.at 20000502
     changed:      Woeber@CC.UniVie.ac.at 20020926
     source:       RIPE
     
     person:       Klaus Pogats
     address:      Landesschulrat fuer Burgenland
     address:      Kernausteig 3
     address:      A-7000 Eisenstadt
     address:      Austria
     e-mail:       klaus.pogats@lsr-bgld.gv.at
     phone:        +43 2682 710 227
     fax-no:       +43 2682 710 79
     nic-hdl:      KP4431-RIPE
     mnt-by:       ACONET-LIR-MNT
     changed:      woeber@univie.ac.at 20010510
     source:       RIPE


Anti-Virus Resources:
jwSpamSpy is our spam+virus filtering software

Clueless virus filters spam innocent third parties

The Virus Ward: ISPs that appear to ignore reports of infected customer machines
NTL Internet (NTLI.net) ignores virus reports for almost three months
Wellcom.at ignores virus reports for six weeks
Dialog.net.pl ignores virus reports for three weeks
bhartibroadband.com ignores virus reports