[virus] your host (69.50.191.68)

[P. Thompson]

Date: Sat, 8 Jan 2005 23:29:01 -0600 (CST)
From: Paul Thompson <munged>
To: (e-mail address removed), (e-mail address removed)
Cc: cybercrime <[email protected]>, Federal Trade Commission
<[email protected]>
Subject: your host (69.50.191.68)


Your host (69.50.191.68) is responsible for distributing the Java/Byte
Verify exploit trojan. Please correct this at once!

hxxp://69.50.191.68/eb/be/BlackBox.class
hxxp://69.50.191.68/eb/be/Dummy.class
hxxp://69.50.191.68/eb/be/VerifierBug.class

 

[Spin Dryer]

On Sun, 09 Jan 2005 15:51:40 GMT, [P. Thompson] said :-

Who do you think you're talking to, posting this ?

 

[P. Thompson]

On Sun, 09 Jan 2005 15:51:40 GMT, [P. Thompson] said :-

Who do you think you're talking to, posting this ?

This is an "anti-virus" news group, I believe I am talking to people
interested in anti-virus issues, posting this.

Specifically, I believe discussion of "anti-virus" can extend to
notification of the abusive practises of some ISP's.

Ultimately, I hope that more people will begin to hold ISP's responsible
for their content and/or that more people will insist that functionality
be added to anti virus software to identify the source (rather than the
mere existence) of virus content.

Thanks for asking.

 

[Spin Dryer]

On Sun, 09 Jan 2005 17:53:45 GMT, [P. Thompson] said :-

On Sun, 09 Jan 2005 15:51:40 GMT, [P. Thompson] said :-

Who do you think you're talking to, posting this ?

This is an "anti-virus" news group, I believe I am talking to people
interested in anti-virus issues, posting this.

Specifically, I believe discussion of "anti-virus" can extend to
notification of the abusive practises of some ISP's.

Ultimately, I hope that more people will begin to hold ISP's responsible
for their content and/or that more people will insist that functionality
be added to anti virus software to identify the source (rather than the
mere existence) of virus content.

Thanks for asking.

And explain your reasoning behind the abuse teams contacted for

69.50.191.68

 

[Conor]

On Sun, 09 Jan 2005 15:51:40 GMT, [P. Thompson] said :-

Who do you think you're talking to, posting this ?

This is an "anti-virus" news group, I believe I am talking to people
interested in anti-virus issues, posting this.

Why? What the **** is the point you're trying to make?

Specifically, I believe discussion of "anti-virus" can extend to
notification of the abusive practises of some ISP's.

What the **** for?

 

[ah]

On Sun, 09 Jan 2005 17:53:45 GMT, [P. Thompson] said :-

On Sun, 09 Jan 2005 15:51:40 GMT, [P. Thompson] said :-



Who do you think you're talking to, posting this ?

This is an "anti-virus" news group, I believe I am talking to people
interested in anti-virus issues, posting this.

Specifically, I believe discussion of "anti-virus" can extend to
notification of the abusive practises of some ISP's.

Ultimately, I hope that more people will begin to hold ISP's responsible
for their content and/or that more people will insist that functionality
be added to anti virus software to identify the source (rather than the
mere existence) of virus content.

Thanks for asking.

And explain your reasoning behind the abuse teams contacted for

69.50.191.68

A distraction while he sent the real one(s)?

 

[P. Thompson]

A distraction while he sent the real one(s)?

69.50.191.68's abuse contact is (e-mail address removed), which does bounces all
incoming mail.

So, next step is to contact those supplying connectivity to the domain.

What would you do?

 

[P. Thompson]

And explain your reasoning behind the abuse teams contacted for

69.50.191.68

----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: 550 5.7.1 Access denied)

----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: 550 5.7.1 Access denied)

 

[P. Thompson]

What the **** for?

Why the **** not?

At the very least, isn't it interesting to think about?

Is repeating "Update Windows. Use a firewall. " 1,000,000 times the
solution? It fixes the small picture, but not the big one.

How about getting a bright light and watching bugs scatter.

 

[kurt wismer]

Why the **** not?

At the very least, isn't it interesting to think about?

Is repeating "Update Windows. Use a firewall. " 1,000,000 times the
solution? It fixes the small picture, but not the big one.

How about getting a bright light and watching bugs scatter.

how about sending your notifications to people who can actually do
something about it...

 

[Noh Won Supeshuru]

Me?

On Sun, 09 Jan 2005 15:51:40 GMT, [P. Thompson] said :-

Who do you think you're talking to, posting this ?

 

[NormanM]

69.50.191.68's abuse contact is (e-mail address removed), which does bounces all
incoming mail.

So, next step is to contact those supplying connectivity to the domain.

What would you do?

Contact nLayer? Where does GBLX fit into that picture?

 

[P. Thompson]

how about sending your notifications to people who can actually do
something about it...

Thanks for the insight, kurt, you rule.

Hmm, the official abuse contact atrivo bounces incoming email to abuse@,
noc@, even postmaster@ . What other people are there "who can actually do
something about it" than atrivo/esthost's upstream?

It is my personal opinion that nlayer accepts virus distribution as an
acceptable business practice both from the volume of viri I've seen from
their customer esthost/atrivo over the past three months and the fact that
nlayers's acceptable use practices (if not their policy) permit their
customers to have bounce-only email addresses for abuse contact for months
on end.

Hence notification of gblx, whose remaining unindicted executives are
surely as pure as the driven snow and will get to the bottom of this.
Or whatever.

 

[kurt wismer]

Thanks for the insight, kurt, you rule.

Hmm, the official abuse contact atrivo bounces incoming email to abuse@,
noc@, even postmaster@ . What other people are there "who can actually do
something about it" than atrivo/esthost's upstream?

i don't know precisely who can help you, but i know who can't...

clue: nobody in this newsgroup can help you...

[snip]

Hence notification of gblx, whose remaining unindicted executives are
surely as pure as the driven snow and will get to the bottom of this.
Or whatever.

fine, whatever, send them your notifications, but do us a favour and
don't send them here...

 

[Conor]

Why the **** not?

At the very least, isn't it interesting to think about?

Not really.

 

[P. Thompson]

Not really.

Your loss.

 

[P. Thompson]

fine, whatever, send them your notifications, but do us a favour and
don't send them here...

Okay but why? Why does it bother you so? I am not asking for help, I am
trying to stir thought: is the status quo in anti-virus really acceptable?

I realize this is a little outside of the status quo of this group which
consists of treating virus infections like acts of god and cutting and
pasting the same dozen lines of Windows delousing techniques over and over
ad nauseum...

Why do you feel so oddly proprietary about this newsgroup that my
anti-virus topical postings are too off topic for this unmoderated
anti-virus newsgroup?

 

[Conor]

Your loss.

It isn't.

 

[kurt wismer]

Okay but why? Why does it bother you so?

because there's more than enough useless junk in here already...

I am not asking for help, I am
trying to stir thought: is the status quo in anti-virus really acceptable?

i'm sorry but that is not how you've been presenting things...

you've been posting articles that ask for the removal of content in a
group where no one has the authority or ability to remove that content...

if you want to provoke thought then ask questions that have no easy
answer and/or engage us in a topic - don't post "please remove this
content" messages...

even now i still don't know what topic you wish to be addressed - you
may want to provoke thought, but so far you've done a poor job of doing
so...

I realize this is a little outside of the status quo of this group which
consists of treating virus infections like acts of god and cutting and
pasting the same dozen lines of Windows delousing techniques over and over
ad nauseum...

those get posted ad nauseum because people post "please help me"
messages ad nauseum... but at least we can do constructive things in
those circumstances...

Why do you feel so oddly proprietary about this newsgroup that my
anti-virus topical postings are too off topic for this unmoderated
anti-virus newsgroup?

the reaction you got is basically the same kind of reaction people get
when then come in here and say things like "you all suck! you virus
writers should be put in jail"... and the reason it's the same is
because, like them, you're addressing the wrong people...

 

[Gabriele Neukam]

On that special day, P. Thompson, ([email protected]) said...

This is an "anti-virus" news group, I believe I am talking to people
interested in anti-virus issues, posting this.

How did you get the idea, that someone who is unaware that his machine
is compromised, will be a regular reader of a SECURITY newsgroup? If he
knew about security and how to keep it, he wouldn't run a trojanized
computer firsthand.

This is like shouting into the hospital: "stop spraying flu to me".

(from another followup)

69.50.191.68's abuse contact is (e-mail address removed), which does bounces all
incoming mail.

Then report them to rfc-ignorant.org, or look them up; they might
already have an entry in there. And if you use the command tracert on
the IP number, you'll get this result:

69.50.191.68 69-50-191-68.esthost.com

So esthost.com is the host who has to be contacted.

Use http://www.esthost.com/contact.php for your complaint, please.


Gabriele Neukam

(e-mail address removed)