a guest
Aug 13th, 2013
Dear customer,

We received the following e-mail at our abuse address. We request you to take appropriate action within 24 hours. If no action is taken within 24 hours, the IP concerned will be closed.

[original message follows]

Dear abuse team,

please help to close these offending virus sites (1) so far.

status: As of 2013-08-09 09:26:09 CEST
http://support.clean-mx.de/clean-mx/[email protected]&response=alive

(for full uri, please scroll to the right end ...


We detected many active cases dated back to 2007, so please look at the date column below.
You may also subscribe to our MalwareWatch list http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch

This information has been generated out of our comprehensive real time database, tracking worldwide virus URIs

If you review this list of offending sites, please do this carefully, and pay attention to redirects also!
Also, please consider that these particular machines may have a rootkit installed!
So simply deleting some files or dirs or disabling CGI may not really solve the issue!

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------
|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2013-08-09 08:40:28 CEST |13908360 |Win32/Cryptor |78.140.165.153 |installweb.net |http://download.installweb.net/NTY7aHR0cCUzQSUyRiUyRnMyLmZpbGUtc3BhY2Uub3JnJTJGZG93biUyRl9odzBQS1p3ZkQlMkYxMzc2MDM1ODA0JTJGOVEtdnJkeHNmanNHMGl5S0hCVkZQQSUyRjQ0NzUlMkYwJTJGNDQ3NSUyRmtpbGxoYWNrX3YyLjguRVhFO2tpbGxoYWNrX3YyLjguRVhFOzM2NDk1MzY7c2V0dXA%3D
+-----------------------------------------------------------------------------------------------


Your email address has been pulled out of whois concerning this offending network block(s).
If you are not concerned with anti-fraud measures, please forward this mail to the next responsible desk available...


If you just close(d) these incident(s), please give us feedback; our automatic walker process may not detect a closed case.

explanation of virusnames:
==========================
unknown_html_RFI_php     not yet detected by scanners as RFI, but pure php code for injection
unknown_html_RFI_perl    not yet detected by scanners as RFI, but pure perl code for injection
unknown_html_RFI_eval    not yet detected by scanners as RFI, but suspect javascript obfuscating evals
unknown_html_RFI         not yet detected by scanners as RFI, but trapped by our honeypots as remote-code-injection
unknown_html             not yet detected by scanners as RFI, but suspicious, may in rare cases be a false positive
unknown_exe              not yet detected by scanners as malware, but high risk!
all other names          malwarename detected by scanners
==========================


yours

Gerhard W. Recher
(Geschäftsführer)

NETpilot GmbH

Wilhelm-Riehl-Str. 13
D-80687 München

GSM: ++49 171 4802507

Handelsregister München: HRB 124497

w3: http://www.clean-mx.de
e-Mail: mailto:[email protected]
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc


Regards,
Webzilla - Abuse