cpollock at embarqmail
Jul 23, 2011, 5:07 PM
Looking for the correct way to handle this. I've been receiving a lot of
infected email lately supposedly bounced messages infected with the
MyDoom worm or Suspect.DoubleExtension-zippwd-9. What is the correct way
to report these to the offending ISP? I can find who the admin and tech
contacts are by telneting to whois.ra.net and inputting the ASN which
will give me those then I can telnet to whois.ripe.net or apnic or radb
or whoever to give me the name(s) of these contacts and email address.
Then send them an email with the message headers to show the sender IP.
Is that the correct way? I also have a script that will report these in
conjunction with SA Learn which reports these but it sends the whole
message including the infected attachment, I don't believe this is the
31.11°N 97.89°W (Elev. 1092 ft)
19:00:22 up 171 days, 40 min, 2 users, load average: 0.60, 0.56, 0.40