3

An email is using social engineering to get users to click on a malicious URL that downloads javascript and then runs malicious code.

  • Who should I report these malicious URLs to? (Microsoft Security, some Chrome add in vendor, etc)

  • The email has a header that comes from a specific ISP. Should I do anything with that?

makerofthings7
  • 50,488
  • 54
  • 253
  • 542
  • I created a Meta.SE question to address the downvote and the redaction: http://meta.security.stackexchange.com/q/1058/396 – makerofthings7 Nov 19 '12 at 17:09
  • 1
    As it happens, this topic is already mostly covered here: http://security.stackexchange.com/q/1728/971 though that question would be hard to find. Should we create a single merged or reference question that covers the entire space, that will be easier to find with search, and where we can put an authoritative extensive answer? – D.W. Nov 19 '12 at 21:40
  • @D.W. A merged answer would be great. I don't mind making it CW, but would prefer the question be geared for S.E.O. (namely a better title). Perhaps this may be a good idea for QoTW – makerofthings7 Nov 19 '12 at 21:45

3 Answers3

5

Do a whois lookup on those domains, and see if you can find the abuse contact for the registrar. You can report it via that address. These may also be legitimate sites that have been hacked, so if it looks like they are you should contact the owners and tell them exactly where the malicious script resides.

You can also report the malware to Google's Badware page, which they can then use to prevent other users from accidentally getting exploited by the domain. Google also do a good job of researching these sites and often get a quicker result than you could yourself, since they have the right contacts.

Polynomial
  • 133,763
  • 43
  • 302
  • 380
3

First thing I would do is protect yourself or your company (if that's the case). You will earn some brownie points with the bosses plus your making sure your not getting caught by this.

Then I would do as Polynomial said and submit it to Google. I don't think you should bother emailing the registrar as the chances are they have no clue by now. Leave the hard work to the big companies.

I would also consider sending an email to a big anti virus company. Rather than taking this on yourself leave them do there job. Submit a sample or the link to a one of the big companies. They know exactly what needs doing as they get paid to do so. If your AV didn't notice it then the chances are it hasn't got a signature and others are at risk. Ideally I would download a copy of the virus (up to you though! Could easily infect your machine / network).

If you think you have been infected you can follow some basic guidance from Microsoft or do some google searching.

LukeJenx
  • 101
  • 3
3

I've already answered this question elsewhere (though I wouldn't expect you to be able to find it easily using search). See my extensive list of places where you can report malicious URLs:

D.W.
  • 98,860
  • 33
  • 271
  • 588