Security Incidents mailing list archives
Re: Malware Site
From: Joshua Ginsberg <jag () fsf org>
Date: Wed, 23 Nov 2005 11:41:44 -0500
RTFM-style answer:

First, figure out a little about the site... like who owns the domain and where is it hosted?

$ whois sutterhealth.org

NOTICE: Access to .ORG WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator or any ICANN-Accredited Registrar, except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.

Domain ID:D5472804-LROR
Domain Name:SUTTERHEALTH.ORG
Created On:28-Mar-1997 05:00:00 UTC
Last Updated On:13-Sep-2005 15:43:59 UTC
Expiration Date:29-Mar-2007 05:00:00 UTC
Sponsoring Registrar:Register.com Inc. (R71-LROR)
Status:OK
Registrant ID:69813432819f9731
Registrant Name:DNS Admin
Registrant Organization:Sutter Health
Registrant Street1:3707 Schriever Avenue
Registrant Street2:
Registrant Street3:
Registrant City:Mather
Registrant State/Province:CA
Registrant Postal Code:95655
Registrant Country:US
Registrant Phone:+1.9164548279
Registrant Phone Ext.:
Registrant FAX:+1.9164548279
Registrant FAX Ext.:
Registrant Email:dnsadmin () sutterhealth org
Admin ID:69813432819f9731
Admin Name:DNS Admin
Admin Organization:Sutter Health
Admin Street1:3707 Schriever Avenue
Admin Street2:
Admin Street3:
Admin City:Mather
Admin State/Province:CA
Admin Postal Code:95655
Admin Country:US
Admin Phone:+1.9164548279
Admin Phone Ext.:
Admin FAX:+1.9164548279
Admin FAX Ext.:
Admin Email:dnsadmin () sutterhealth org
Tech ID:8141715281ce7130
Tech Name:DNS Admin
Tech Organization:Sutter Health
Tech Street1:3707 Schriever Avenue
Tech Street2:
Tech Street3:
Tech City:Mather
Tech State/Province:CA
Tech Postal Code:95655
Tech Country:US
Tech Phone:+1.9164548729
Tech Phone Ext.:
Tech FAX:+1.9164548729
Tech FAX Ext.:
Tech Email:kingal () SutterHealth org
Name Server:NS1.SUTTERHEALTH.ORG
Name Server:NS2.SUTTERHEALTH.ORG

-----------------

$ host www.sutterhealth.org
www.sutterhealth.org is an alias for sutterhealth.org.
sutterhealth.org has address 65.213.63.34

-----------------

$ whois 65.213.63.34
UUNET Technologies, Inc. UUNET65 (NET-65-192-0-0-1)
    65.192.0.0 - 65.223.255.255
Sutter Health UU-65-213-63 (NET-65-213-63-0-1)
    65.213.63.0 - 65.213.63.255

------------------

$ whois -h whois.arin.net UUNET65

OrgName: UUNET Technologies, Inc.
OrgID: UU
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US

NetRange: 65.192.0.0 - 65.223.255.255
CIDR: 65.192.0.0/11
NetName: UUNET65
NetHandle: NET-65-192-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH03.NS.UU.NET
NameServer: AUTH00.NS.UU.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-10-27
Updated: 2002-02-13

RTechHandle: OA12-ARIN
RTechName: UUnet Technologies, Inc., Technologies
RTechPhone: +1-800-900-0241
RTechEmail: help4u () mci com

OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: abuse-mail () mci com

OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: help4u () mci com

OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: swipper () mci com

If you want to be nice, pick up the phone and call the Sutter Health folks and let them know -- their site may have been cracked and they may be oblivious. If you want to be more formal, send email to dnsadmin () sutterhealth org, abuse () sutterhealth org, and abuse-mail () mci com detailing your findings.

If they're unresponsive, given the site appears to be hosted in the U.S., notify the Federal Trade Commission. Not like they'll do anything about it, but that's the procedure.

You can also report the URI to folks like SpamCop who will report it to the same abuse contacts I listed, and if they're unresponsive, add it to their URIBL and such.

-jag

On Wed, 2005-11-23 at 16:30 +0000, namtoor () gmail com wrote:
Hi, this site <don't click!> http://sutterhelath.org/index.php </don't click!> is spreading malware. They're tricking people into visiting the site via an embedded link in email messages. How should this be reported and/or what should be done to get this site taken offline? Thanks!
--
Joshua Ginsberg <jag () fsf org>
Free Software Foundation - Senior Systems Administrator
Attachment:
signature.asc
Description: This is a digitally signed message part
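
The lookup procedure in the message above ends in abuse reports, so the record consulted has to belong to the domain that was reported: a lookalike domain can differ from a legitimate one by two swapped letters. The following is an added example, not part of the original post; the function names and the `.example` WHOIS records are constructed for illustration. It compares the reported URL's domain with the WHOIS "Domain Name" field and then collects contact addresses, abuse contacts first.

```shell
#!/bin/sh
# Added example: sample records are constructed, not real registry output.
SAMPLE_DOMAIN_WHOIS='Domain Name:CLINIC-HEALTH.EXAMPLE
Registrant Email:dnsadmin@clinic-health.example
Tech Email:dnsadmin@clinic-health.example'
SAMPLE_NET_WHOIS='OrgName:  Example Transit, Inc.
OrgAbuseEmail:  abuse@transit.example
OrgTechEmail:  noc@transit.example'

# Domain part of a URL's host (naive: the last two labels), lowercased.
url_domain() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed -E 's#^[a-z]+://##; s#[/:].*$##' |
        awk -F. '{ print $(NF-1) "." $NF }'
}

# "Domain Name" value of a WHOIS record read from stdin, lowercased.
whois_domain() {
    awk -F': *' 'tolower($1) == "domain name" { print tolower($2); exit }'
}

# Compare the reported URL ($1) with the WHOIS record on stdin.
# Prints "match" or a mismatch line; returns non-zero on mismatch.
check_target() {
    reported=$(url_domain "$1")
    queried=$(whois_domain)
    if [ "$reported" = "$queried" ]; then
        echo "match"
    else
        echo "mismatch: reported=$reported queried=$queried"
        return 1
    fi
}

# Unique e-mail values from WHOIS records on stdin, abuse fields first.
abuse_contacts() {
    awk -F': *' 'tolower($1) ~ /e-?mail$/ && $2 ~ /@/ {
        rank = (tolower($1) ~ /abuse/) ? 0 : 1
        print rank, tolower($2)
    }' | sort -u | awk '!seen[$2]++ { print $2 }'
}

# Demo: the reported URL has two letters swapped relative to the record.
printf '%s\n' "$SAMPLE_DOMAIN_WHOIS" |
    check_target 'http://clinic-helath.example/index.php' ||
    echo "look up the reported domain itself before contacting anyone"
printf '%s\n%s\n' "$SAMPLE_DOMAIN_WHOIS" "$SAMPLE_NET_WHOIS" | abuse_contacts
```

On a mismatch, repeat the `whois` and `host` steps against the domain exactly as it appears in the reported URL before sending anything.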