Here's a copy of the message that I sent him (as requested).
Dave,
Below my signature is the source of one of these messages. The originating IP of this one message, 209.189.127.231 is an open relay (zombie) that has been tagged now in numerous blacklists due to the exploit.
http://www.dnsstuff.com/tools/ip4r.ch?ip=209.189.127.231
Note that the last hop in the headers is the gateway server of the
receiver. These E-mails are typically sent from numerous hijacked
computers, so the source is irrelevant to the immediate problem. The IP of the site in question is however hosting on your server.
http://216.55.162.5/
This was first reported to your abuse@ address yesterday afternoon, and many of my fellow administrators have tried calling your support number with absolutely no response to the problem. The scam was also reported to the Electronic Crimes Task Force, a division of the FBI (this is incorrect, actually a division of the Secret Service)
So far your company's lack of response has undoubtedly caused unnecessary harm to innocent victims. Please take care of the problem immediately so that you can save countless other people from around the world from falling victim to this scam.
Also note that I have never before encountered a company that is so unwilling to take action. Most, including companies as large as Akamai, have resolved such problems in a matter of minutes. Your company needs to enact a policy and process for better handling such matters.
Matt
Matt...
Kevin Bilbee wrote:
I am on the phione with them now. I suggest we all call and take up all of their tech supoport lines until the site is down. I have all day.
I reported this to them 24hours a go then reported it to the list.
From my conversation last night with the SS Etask force if they were open they would be giving them a call also.
Kevin Bilbee
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Sent: Saturday, February 14, 2004 9:29 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] New Phishing Scam
The damn site is still up...24 hours later and these people haven't pulled the site. I just called their sales line and asked that they find someone at a higher level to direct this to. It's beyond me how these people can pull up the address in a Web browser and still not get that there is a problem.
And for the sake of Internet archiving, let me just state for the
benefit of others, A+Net, a.k.a. Abacus America Inc of San Diego,
CA, who's Web site is located at aplus.net, has shown themselves
incapable of taking appropriate action on one of the most common
Internet scams despite numerous reports over a 24 hour period. One can only conclude that this is the typical level of response
that they give to all support issues, and one should take note of
this before considering their services. Other companies,
including ones as large and complex as Akamai, have resolved
issues within minutes of being reported, as they clearly
understood the immediacy of the issue at hand.
Matt
