Re: Malware Site

From: Joshua Ginsberg (jag_at_fsf.org)
Date: 11/23/05

  • Next message: Holger Kipp: "Re: Malware Site"
    To: namtoor@gmail.com
    Date: Wed, 23 Nov 2005 11:41:44 -0500

    RTFM-style answer:

    First, figure out a little about the site... like who owns the domain
    and where is it hosted?

    $ whois sutterhealth.org
    NOTICE: Access to .ORG WHOIS information is provided to assist persons in
    determining the contents of a domain name registration record in the Public Interest Registry
    registry database. The data in this record is provided by Public Interest Registry
    for informational purposes only, and Public Interest Registry does not guarantee its
    accuracy. This service is intended only for query-based access. You agree
    that you will use this data only for lawful purposes and that, under no
    circumstances will you use this data to: (a) allow, enable, or otherwise
    support the transmission by e-mail, telephone, or facsimile of mass
    unsolicited, commercial advertising or solicitations to entities other than
    the data recipient's own existing customers; or (b) enable high volume,
    automated, electronic processes that send queries or data to the systems of
    Registry Operator or any ICANN-Accredited Registrar, except as reasonably
    necessary to register domain names or modify existing registrations. All
    rights reserved. Public Interest Registry reserves the right to modify these terms at any
    time. By submitting this query, you agree to abide by this policy.

    Domain ID:D5472804-LROR
    Domain Name:SUTTERHEALTH.ORG
    Created On:28-Mar-1997 05:00:00 UTC
    Last Updated On:13-Sep-2005 15:43:59 UTC
    Expiration Date:29-Mar-2007 05:00:00 UTC
    Sponsoring Registrar:Register.com Inc. (R71-LROR)
    Status:OK
    Registrant ID:69813432819f9731
    Registrant Name:DNS Admin
    Registrant Organization:Sutter Health
    Registrant Street1:3707 Schriever Avenue
    Registrant Street2:
    Registrant Street3:
    Registrant City:Mather
    Registrant State/Province:CA
    Registrant Postal Code:95655
    Registrant Country:US
    Registrant Phone:+1.9164548279
    Registrant Phone Ext.:
    Registrant FAX:+1.9164548279
    Registrant FAX Ext.:
    Registrant Email:dnsadmin@sutterhealth.org
    Admin ID:69813432819f9731
    Admin Name:DNS Admin
    Admin Organization:Sutter Health
    Admin Street1:3707 Schriever Avenue
    Admin Street2:
    Admin Street3:
    Admin City:Mather
    Admin State/Province:CA
    Admin Postal Code:95655
    Admin Country:US
    Admin Phone:+1.9164548279
    Admin Phone Ext.:
    Admin FAX:+1.9164548279
    Admin FAX Ext.:
    Admin Email:dnsadmin@sutterhealth.org
    Tech ID:8141715281ce7130
    Tech Name:DNS Admin
    Tech Organization:Sutter Health
    Tech Street1:3707 Schriever Avenue
    Tech Street2:
    Tech Street3:
    Tech City:Mather
    Tech State/Province:CA
    Tech Postal Code:95655
    Tech Country:US
    Tech Phone:+1.9164548729
    Tech Phone Ext.:
    Tech FAX:+1.9164548729
    Tech FAX Ext.:
    Tech Email:kingal@SutterHealth.org
    Name Server:NS1.SUTTERHEALTH.ORG
    Name Server:NS2.SUTTERHEALTH.ORG

    -----------------

    $ host www.sutterhealth.org
    www.sutterhealth.org is an alias for sutterhealth.org.
    sutterhealth.org has address 65.213.63.34

    -----------------

    $ whois 65.213.63.34
    UUNET Technologies, Inc. UUNET65 (NET-65-192-0-0-1)
                                      65.192.0.0 - 65.223.255.255
    Sutter Health UU-65-213-63 (NET-65-213-63-0-1)
                                      65.213.63.0 - 65.213.63.255

    ------------------

    $ whois -h whois.arin.net UUNET65

    OrgName: UUNET Technologies, Inc.
    OrgID: UU
    Address: 22001 Loudoun County Parkway
    City: Ashburn
    StateProv: VA
    PostalCode: 20147
    Country: US

    NetRange: 65.192.0.0 - 65.223.255.255
    CIDR: 65.192.0.0/11
    NetName: UUNET65
    NetHandle: NET-65-192-0-0-1
    Parent: NET-65-0-0-0-0
    NetType: Direct Allocation
    NameServer: AUTH03.NS.UU.NET
    NameServer: AUTH00.NS.UU.NET
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2000-10-27
    Updated: 2002-02-13

    RTechHandle: OA12-ARIN
    RTechName: UUnet Technologies, Inc., Technologies
    RTechPhone: +1-800-900-0241
    RTechEmail: help4u@mci.com

    OrgAbuseHandle: ABUSE3-ARIN
    OrgAbuseName: abuse
    OrgAbusePhone: +1-800-900-0241
    OrgAbuseEmail: abuse-mail@mci.com

    OrgNOCHandle: OA12-ARIN
    OrgNOCName: UUnet Technologies, Inc., Technologies
    OrgNOCPhone: +1-800-900-0241
    OrgNOCEmail: help4u@mci.com

    OrgTechHandle: SWIPP-ARIN
    OrgTechName: swipper
    OrgTechPhone: +1-800-900-0241
    OrgTechEmail: swipper@mci.com

    If you want to be nice, pick up the phone and call the Sutter Health
    folks and let them know -- their site may have been cracked and they may
    be oblivious. If you want to be more formal, send email to
    dnsadmin@sutterhealth.org, abuse@sutterhealth.org, and
    abuse-mail@mci.com detailing your findings.

    If they're unresponsive, given the site appears to be hosted in the
    U.S., notify the Federal Trade Commission. Not like they'll do anything
    about it, but that's the procedure.

    You can also report the URI to folks like SpamCop who will report it to
    the same abuse contacts I listed, and if they're unresponsive, add it to
    their URIBL and such.

    -jag

    On Wed, 2005-11-23 at 16:30 +0000, namtoor@gmail.com wrote:
    > Hi, this site <don't click!> http://sutterhelath.org/index.php </don't click!> is
    > spreading malware. They're tricking people into
    > visiting the site via an embedded link in email
    > messages. How should this be reported and/or what
    > should be done to get this site taken offline?
    >
    > Thanks!
    >

    -- 
    Joshua Ginsberg <jag@fsf.org>
    Free Software Foundation - Senior Systems Administrator
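The lookup chain in the reply above (resolve the host, WHOIS the domain, WHOIS the address at ARIN, then query the net handle) is easy to script for triage. The following is an added example and not code from the original post or from Joshua Ginsberg; it parses the `Key: value` style records the post shows, extracts the contact addresses an abuse report would go to, and pulls the `NET-` handles from ARIN's summary listing so each can be queried in turn. The sample records are constructed from the output shown in the post so the parser runs offline; the live `lookup_chain` function assumes `whois.pir.org` as the .ORG registry WHOIS server and a two-label registered domain, both noted in the comments. It takes the domain exactly as typed: the URL quoted at the top of the thread is spelled differently from the domain that was looked up, and a look-alike name must not be "corrected", or the report goes to the wrong registrant.

```python
"""Follow a malware-site lookup chain and extract who to notify.

Added example, not part of the original mailing-list post.
"""
import re
import socket
import sys
from typing import Dict, List, Tuple

WHOIS_PORT = 43  # RFC 3912 WHOIS

# Record keys whose values are e-mail addresses worth notifying.
CONTACT_KEYS = {
    "Registrant Email", "Admin Email", "Tech Email",
    "OrgAbuseEmail", "OrgNOCEmail", "OrgTechEmail",
}

# Constructed sample: a trimmed version of the .ORG record quoted in the post.
SAMPLE_DOMAIN_WHOIS = """\
NOTICE: Access to .ORG WHOIS information is provided to assist persons in
determining the contents of a domain name registration record.

Domain ID:D5472804-LROR
Domain Name:SUTTERHEALTH.ORG
Created On:28-Mar-1997 05:00:00 UTC
Sponsoring Registrar:Register.com Inc. (R71-LROR)
Registrant Organization:Sutter Health
Registrant Street2:
Registrant Email:dnsadmin@sutterhealth.org
Admin Email:dnsadmin@sutterhealth.org
Tech Email:kingal@SutterHealth.org
Name Server:NS1.SUTTERHEALTH.ORG
Name Server:NS2.SUTTERHEALTH.ORG
"""

# Constructed sample: ARIN's summary listing for the address, as in the post.
SAMPLE_ARIN_SUMMARY = """\
UUNET Technologies, Inc. UUNET65 (NET-65-192-0-0-1)
                                  65.192.0.0 - 65.223.255.255
Sutter Health UU-65-213-63 (NET-65-213-63-0-1)
                                  65.213.63.0 - 65.213.63.255
"""

# Constructed sample: trimmed ARIN org record for the parent allocation.
SAMPLE_ARIN_ORG = """\
OrgName: UUNET Technologies, Inc.
NetRange: 65.192.0.0 - 65.223.255.255
CIDR: 65.192.0.0/11
NetHandle: NET-65-192-0-0-1
RTechEmail: help4u@mci.com
OrgAbuseEmail: abuse-mail@mci.com
OrgNOCEmail: help4u@mci.com
OrgTechEmail: swipper@mci.com
"""

_KV_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ./-]*?)\s*:\s*(.*?)\s*$")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Parse 'Key: value' lines into lists (keys such as Name Server repeat).
    Lines without a colon (legal notices, ARIN's netblock summary) and keys
    with an empty value (e.g. 'Registrant Street2:') are dropped."""
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = _KV_RE.match(line)
        if m and m.group(2):
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields


def abuse_contacts(fields: Dict[str, List[str]]) -> List[str]:
    """De-duplicated, lower-cased report addresses in first-seen order."""
    seen: List[str] = []
    for key, values in fields.items():
        if key in CONTACT_KEYS:
            for addr in (v.lower() for v in values):
                if addr not in seen:
                    seen.append(addr)
    return seen


def net_handles(summary: str) -> List[str]:
    """Pull NET- handles from ARIN's 'Org NETNAME (NET-handle)' listing so
    each can be queried directly, as the post does with UUNET65. The last
    handle is the most specific block (the customer assignment)."""
    return re.findall(r"\((NET-[0-9-]+)\)", summary)


def whois_query(server: str, query: str, timeout: float = 10.0) -> str:
    """Raw WHOIS exchange: send one query line, read until the server closes."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def lookup_chain(hostname: str) -> Tuple[str, List[str], List[str]]:
    """Live version of the post's steps (needs network). Returns the address,
    the domain contacts and the contacts of the most specific ARIN block.
    Assumptions: whois.pir.org serves .ORG; the registered domain is the
    last two labels (simplification; wrong for multi-label TLDs)."""
    ip = socket.gethostbyname(hostname)          # the hostname is used as typed
    domain = ".".join(hostname.split(".")[-2:])
    domain_contacts = abuse_contacts(parse_whois(whois_query("whois.pir.org", domain)))
    handles = net_handles(whois_query("whois.arin.net", ip))
    block = parse_whois(whois_query("whois.arin.net", handles[-1])) if handles else {}
    return ip, domain_contacts, abuse_contacts(block)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(lookup_chain(sys.argv[1]))
    else:  # offline demonstration on the constructed samples
        print("domain contacts:", abuse_contacts(parse_whois(SAMPLE_DOMAIN_WHOIS)))
        print("ARIN handles:", net_handles(SAMPLE_ARIN_SUMMARY))
        print("ARIN contacts:", abuse_contacts(parse_whois(SAMPLE_ARIN_ORG)))
```

Run without arguments to see the parser work on the embedded samples; with a hostname it performs the live lookups. Only the registrar, registry and RIR are queried, never the reported site itself, which keeps triage from touching the suspect host.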