We have received the following complaint regarding an IP on your network.
Please resolve the issue and update us with the actions you’ve taken to reach a
namless drone | Network Operations Center Technician
Continuum Network Operations Center
Email: [email protected]
Received on Apr/13/2014 12:34:04AM
Dear abuse team,
please help to close these offending viruses sites(1) so far.
status: As of 2014-04-13 07:33:39 CEST
(for full uri, please scroll to the right end …
We detected many active cases dated back to 2007, so please look at the date
You may also subscribe to our MalwareWatch list
This information has been generated out of our comprehensive real time
tracking worldwide viruses URI’s
If your review this list of offending site, please do this carefully, pay
attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the
Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server’s owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.
DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!
You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.
|date |id |virusname |ip |domain |Url|
CEST |24886536 |WS.Reputation.1 |220.127.116.11 |superglobalmegacorp.com |http://vpsland.superglobalmegacorp.com/install/WindowsCE/nethack/nethack3.4.3-WinCE-2.11-x86.zip
Your email address has been pulled out of whois concerning this offending
If you are not concerned with anti-fraud measurements, please forward this mail
to the next responsible desk available…
If you just close(d) these incident(s) please give us a feedback, our automatic
walker process may not detect a closed case
explanation of virusnames:
unknown_html_RFI_php not yet detected by scanners as RFI, but pure php code for
unknown_html_RFI_perl not yet detected by scanners as RFI, but pure perl code
unknown_html_RFI_eval not yet detected by scanners as RFI, but suspect
unknown_html_RFI not yet detected by scanners as RFI, but trapped by our
honeypots as remote-code-injection
unknown_html not yet detected by scanners as RFI, but suspious, may be in rare
case false positive
unknown_exe not yet detected by scanners as malware, but high risk!
all other names malwarename detected by scanners
Gerhard W. Recher
net4sec UG (haftungsbeschraenkt)
GSM: ++49 171 4802507
Geschaeftsfuehrer: Martina Recher
Handelsregister Augsburg: HRB 27139
e-Mail: [email protected]
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552