Author Topic: threadexpert weired behaviour  (Read 3735 times)

0 Members and 1 Guest are viewing this topic.

January 23, 2010, 02:14:31 pm
Read 3735 times

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam-Filter Anti-Spam Virenschutz - CLEAN MX Managed Anti-Spam Service ist die Lösung für Ihr Spam-Problem
hi @all

I notice my submission by email to threadexpert are only recognized or honored in a fraction of cases.

has anybody a reliable contact to them ?
I recently dropped a note to them by web-form they provide for this purpose, but i get *no* feedback from them.




--gerhard

January 23, 2010, 03:04:38 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
ThreatExpert submission by email ?? I haven't heard about his method.
What is the email address ?
Ruining the bad guy's day

January 23, 2010, 03:08:40 pm
Reply #2

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam-Filter Anti-Spam Virenschutz - CLEAN MX Managed Anti-Spam Service ist die Lösung für Ihr Spam-Problem
"tesubmit@threatexpert.com"
you have to register 1st...
I use "abuse@clean.mx" as sender ... notice clean.mx is my domain  :)

just a example: edit content is zip with password "infected"

Code: [Select]
From: abuse@clean.mx
To: tesubmit@threatexpert.com
Subject: [clean-mx] http://support.clean-mx.de/clean-mx/viruses?id=369734
Precedence: bulk
MIME-Version: 1.0
X-Mailer: vi
X-Virus-Scanned: by netpilot GmbH at clean-mx.de
Content-type: multipart/mixed;  boundary="----=_NextPart"
Message-Id: <20100123.1264258079.369734@dbserv.netpilot.net>
Date: Sat, 23 Jan 2010 15:47:59 +0100

This is a multi-part message in MIME format.

------=_NextPart
Content-Type: text/plain; charset="iso-8859-1"


184638c05711f16fc3a28fddf2d03f24        http://m19citizen.cn/2/load.php

------=_NextPart
Content-Transfer-Encoding: base64
Content-Type: application/zip; name="369734.zip"
...
...

January 23, 2010, 10:50:29 pm
Reply #3

CM_MWR

  • Special Members
  • Hero Member

  • Offline
  • *

  • 319
Ive seen some very odd behaviour all the way around there over the last week, I thought it was possibly some changes brought on through symantec but we could yasml sergei and see if there is any type response  ???