« Validation | Main | PayPal Phisher Using the Bogus Charge (Again) »
Home | The Book | Training | Events | Tools | Stats |
July 01, 2006
How bora.net Solved Its Internet Abuse ProblemsIt's an all-too-common situation. A spam or phishing reporter tries to follow an ISP's procedures to submit a report about suspected fraudulent activity, only to have it be rebuffed. In this case, I had an IP address of a South Korean server that had been hijacked by phishers. There was no contact information or domain name on the site's home page, so I started with the phishing link, which was an IP address.
I look up the IP address and find that it belongs to bora.net, self-described as the following:
descr: DACOM Corp.
descr: Facility-based Telecommunication Service Provider
descr: providing Internet leased-ine, on-line service, BLL etc.
The record also invites viewers to submit reports to abuse and security email addresses. Which I gladly do.
A moment later, I receive a bounce message with the following advisory:
Recipient's maiilbox is full, message returned to sender, (#5.2.2) [7mallot:(209715200), usage:(220909568)
In other words, their approach to abuse reporting is to cover their ears, close their eyes, and shout "la la la la la la." That way they never have a problem. I've sent hijacked web site reports to their security address before. Although those messages didn't bounce, the sites stayed up for weeks.
I did find the web site of the parent company, Dacom, and they have an English version of the site. Unfortunately for me, it's all about selling services and not servicing. The formal contact email address is to the Webmaster of the site. Something tells me my report won't get very far.
South Korean ISPs have a reputation of not being responsive to Internet problems that ooze out worldwide. If you check a Korean IP address against DNS blocklists, you'll commonly find snide messages accompanying the listing, such as "we do not accept mail from korea" and "korea does not seem to care about spam." Although I understand that some ISPs have taken steps to do things like curbing spam spewed by zombie PCs, problems obviously persist. And some ISPs really don't seem to care.
Posted on July 01, 2006 at 10:48 AM