Internet Police

[RicharD]

I recently recovered from a nasty java script based trojan virus which had my PC phoning a plethora of German and Russian sites among other thangs.  Malwarebytes enabled me to block the phone calls and generated a tidy log of malicious IP addresses.  Exterminate it was the software title that nuked the bug.  AVG could do nothing but tell me I had a virus.  JS/Redir is the name that appeared.  Apparently the bug cloaked itself as mswsock.dll  Not a file you can simply delete and live without.  It was a total PITA and I didn't get it from a pron site or anything like that.  It was a drive by infection from a music venue site whose calendar I was checking.

The question at hand is:  Who is the best authority to report these IP addresses to?  I'd really like to spoil these ...... people's new year.  I really don't understand the thinking behind redirection bugs.  If I google for whirlpool washing machine parts and get sent to an insurance site, do these people actually think I'm gonna surf their site and buy something?  Any suggestions will be acted upon.

Thanks!
-Richard
 

[EL34]

Hmm, that's wierd, Mal B should have warned you about the page.

I got rid of Malware Bytes and now I am using the free Microsoft Security essentials
 
http://windows.microsoft.com/en-US/windows/products/security-essentials

Last week I was following google searches and ran across a page that MSE blocked
It then asked me if I wanted to remove what was gathered from the page
(don't even know what that was?)
Probably was just snooping cookies stuff

I said yes and all was well again. MSE removed what ever it was before it became a problem

Have you got Mal B set up for real time protection as you surf?

[LooseChange]

Microsoft Security Essentials is the best kept secret. MS does not force it out there.
I've been using it for a couple of years now and have it on all my PC's at home. Works great!

[RicharD]

I did not have MalwareBytes set up at the time of the infection.  I've been running AVG by itself for ages w/o issue.  I've only had 3 virus softwares running for a couple of days.  I guess I'll discover MS Essentials cuz I'm gonna do a clean OS install anyway.  There's still some things amiss.  I awoke to an error report, something about TCIP/Ping, my clock says 08:30 instead of 8:30AM, & when I tried to do a nslookup from a command prompt, I got a nastygram.

No clues who I should snitch to?  I thought for certain there'd be an organization such as stop forum spam or project honeypot dedicated to smacking down the trojan douches.

[EL34]

My sites are protected by project honey pot
All that does is give known spammers and such a page that they will see when accessing the site.

I can report people to the database because I am a member and I have an API key.
So if someone here joined and started spamming, I could report them and then they would be added to the data base

Does not do anything for webs sites, just people

Not sure how to report a web site

The best thing is to have your browser warn you like I mentioned above

I get a blank window with a warning when trying to view a known malicious web site.

[DummyLoad]

this is a starting point...

http://www.google.com/safebrowsing/report_badware/

be brief but as descriptive as possible.

--pete

[RicharD]

The saga part 2:

So the nasty trojan came back.  The downloader is known as Unruy.H and the dropper is known as Sirefef.B  Nasty nasty bug.  So I decided to take EL34's advice and install MS Security Essentials.  During the install it suggested I remove all other virus software titles so I uninstalled AVG and and MalwareBytes.  2 scan passes with Sec Essentials and the bug was eliminated.... along with my TCP/IP stack.  The driver ipsec.sys was infected and removed.  ipconfig returned an internal error and high stress ensued.  My XP disc is lost somewhere in one of my piles of crap.  After much research and many trials and errors, I finally fingered out how to reinstall TCP/IP.  First I tried several netsh resets which didn't work.  Next I did a regedit and removed winsock and winsock2.  From here I removed all network clients, services, and protocols then reinstalled them from windows/inf.  That was the fix.  None of the support sites suggested removing and reinstalling either clients or services.  They all simply suggested deleting the 2 winsock keys and reinstalling the TCP/IP protocol.  This by itself did not work.  The additional steps of removing and reinstalling clients and services made all the difference.  Not sure if this played into the picture but somewhere along the way, I copied the ipsec.sys driver from another machine.  Whew!  Just what I wanted to do for Christmas.

[HotBluePlates]

You might try US Computer Emergency Readiness Team as a first step. There is a link on their homepage for reporting incidents and vulnerabilities.

They may direct you to someone else, such as a cyber investigative team at the FBI. It's hard to say, as it might depend on the site hosting the malware, where the server is physically located, and a host of other issues.