
The Follow-Up: How I Got a Malware Domain Shut Down




In my previous post I talked about how I almost got hit by a malware attack that used PowerShell. I was looking for a PDF, and I got lucky. After I closed the tab and made sure my computer was okay, I realized that just closing the window was not enough. If I could almost get caught, someone else could too.


I decided to do something about it, so I contacted the company that registered the domain. Have you ever wondered what happens after you report something bad to them?


The Mystery of Reporting Bad Stuff


When you report a domain for spreading malware, you are sending a message to the registrar's abuse team. They get a lot of these messages, so I did not expect them to fix it right away. I got an automated message saying they had received my report and it was in the queue. This is something they have to do. I did not just wait and do nothing; I kept checking the domain to see if my report did anything.


Watching What Happens Next


To see if the registrar did something, I kept an eye on the domain. A few days later I checked the URL again and got a 403 Forbidden error.


This was a big win. It meant the host had stopped serving the files. The problem was not solved yet, though. A day later I saw that the attacker had started using a subdomain, js5c.quickloadbinpack.click, and it was still working and spreading the malware.


Making It Right: Why You Have to Keep Trying


I realized my report had only fixed the problem for a little while. I sent another message to Namecheap with the subdomain and an explanation that the bad guys were still active.




(The bad landing page I saw after the attacker changed their plan.)


This is what a lot of people miss: the abuse team needs proof that their first fix did not work. By giving them the URL and a screenshot of the new landing page, I gave them what they needed to take stronger action.


The Final Result


A few days after I sent my second report, I checked the site one last time. Instead of a 403 error, my browser showed a Cloudflare 522 Connection Timed Out error.




(The final state of the domain: a 522 error, meaning the bad server is shut down and the threat is gone.)


What I Learned


Reporting stuff is not something you do once and forget. It is something you have to keep doing:


  1. You report the thing first.
  2. You watch the site to see if it changes.
  3. You report it again, with proof, if the bad thing is still there.

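As an added example (not code from the original post), here is a small Python script for the watch-and-re-report loop above: `check_url` does a HEAD request without following redirects so nothing the page serves is rendered, and `takedown_timeline` / `is_resolved` turn a log of checks into the events the post saw (a 403, a new subdomain, then a 522). The hosts in `SAMPLE` are constructed placeholders, not the real domain.

```python
from urllib.parse import urlparse
import urllib.error, urllib.request
# Statuses meaning the URL no longer delivers content: 403 (host blocked the files),
# 522 (Cloudflare cannot reach the origin), None (no response at all).
NOT_SERVING = {403, 404, 410, 522, None}

def check_url(url, timeout=10.0):
    """HEAD only, no redirects, no body read: nothing the page serves is rendered or run."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *a, **kw):
            return None   # surface the 3xx itself instead of following it
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=timeout) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code     # 403, 522, 3xx: all informative for the log
    except OSError:
        return None       # DNS failure, refused connection, timeout

def takedown_timeline(observations):
    """Collapse (timestamp, url, status) checks into change events. A host not
    seen before is flagged: that is how the move to a new subdomain shows up."""
    events, seen_hosts, last = [], set(), {}
    for ts, url, status in observations:
        host = urlparse(url).hostname
        new_host = host not in seen_hosts
        seen_hosts.add(host)
        if not new_host and url in last and last[url] == status:
            continue      # unchanged since the last check of this URL
        last[url] = status
        events.append({"when": ts, "url": url, "status": status, "new_host": new_host})
    return events

def is_resolved(observations):
    """True only when the latest check of every URL seen is not serving content;
    a 403 on the first URL alone is not enough while a new subdomain is live."""
    latest = {url: status for _, url, status in observations}
    return bool(latest) and all(s in NOT_SERVING for s in latest.values())

# Constructed sample mirroring the post's sequence on placeholder hosts (not the
# real domain): 403 on the first URL, attacker moves to a subdomain, origin goes down.
SAMPLE = [("day 0", "https://reported-site.example/file.pdf", 200),
          ("day 3", "https://reported-site.example/file.pdf", 403),
          ("day 4", "https://js5c.reported-site.example/file.pdf", 200),
          ("day 4", "https://reported-site.example/file.pdf", 403),
          ("day 7", "https://js5c.reported-site.example/file.pdf", 522),
          ("day 7", "https://reported-site.example/file.pdf", 522)]

if __name__ == "__main__":   # run stand-alone: print the events, then the verdict
    print(*takedown_timeline(SAMPLE), "resolved:", is_resolved(SAMPLE), sep="\n")
```

Replace `SAMPLE` with tuples produced by calling `check_url` from a scheduled job to watch a real report.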

If you see a site like this, do not just close it. Write down what you see, report it, and keep an eye on it. It is not just about keeping yourself safe. It is about making the internet a better place.

