Hi,

On Sun, 25 Aug 2019 at 03:17, james jones <james.voip@gmail.com> wrote:
> just quick question:
> is the abuse emails still best way to report domains that are being used in malware scripts? or is there a more central place to report such things?

This may be more from a sysadmin perspective than network operations. However:

- Microsoft has a URL reputation service as well as Google, it's called Windows Defender SmartScreen (https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-...). This is used by default in Edge, IE, Exchange, Office365, Outlook.com etc.
- Windows comes with Windows Defender as part of the licence.
- Windows Defender has an optional feature enablable by the sysadmin called Network Protection. Network Protection causes *all* HTTP(S) connections made by the system to be checked against the URL reputation list, regardless of which process is making the connection (https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-...).
- Microsoft also shares malware information with other security organisations, so reporting to Microsoft can often also mean that security software from other vendors will start blocking the site (https://docs.microsoft.com/en-gb/windows/security/threat-protection/intellig...).

If you use Windows desktops/laptops in your business, enabling Network Protection can be useful. Likewise, because of the number of Windows machines out there (and the ubiquity of Exchange / Office365) reporting to Microsoft can also be useful, especially as other security organisations can get details of the submission and start blocking both the site and the malware.

You can report to Microsoft by going to https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site (also allows for bulk submissions) or https://feedback.smartscreen.microsoft.com/feedback.aspx?url= and putting the address you want to report after the =.

You can also submit whole phishing (or spam) emails to Microsoft by using the addresses at https://docs.microsoft.com/en-gb/office365/SecurityCompliance/submit-spam-no....

*Phishing* sites are also collected by US-CERT at https://www.us-cert.gov/report-phishing. I have no idea what they actually do with them though.

Alex
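
Added example, not part of the original email: one way a sysadmin could stage the Network Protection feature mentioned above on a single Windows host, starting in audit mode and reviewing what would have been blocked before enforcing. The function names and the seven-day review window are assumptions made for this sketch; it assumes an elevated PowerShell session with Windows Defender as the active antivirus.

```powershell
#Requires -RunAsAdministrator
# Added example: staged rollout of Windows Defender Network Protection.
# Function names and the 7-day window are illustrative assumptions.

# Get-MpPreference reports the setting as a number.
$modes = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }

function Get-NetworkProtectionMode {
    # Returns the current Network Protection state as a readable string.
    $value = [int](Get-MpPreference).EnableNetworkProtection
    $modes[$value]
}

function Get-NetworkProtectionEvents {
    param([int]$Days = 7)
    # Defender operational log:
    #   1125 = connection would have been blocked (audit mode)
    #   1126 = connection was blocked (block mode)
    #   5007 = a Defender setting was changed
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1125, 1126, 5007
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

"Current mode: $(Get-NetworkProtectionMode)"

# Step 1: audit only. Connections are checked against the URL reputation
# list and logged, but nothing is blocked yet.
Set-MpPreference -EnableNetworkProtection AuditMode
"Mode after change: $(Get-NetworkProtectionMode)"

# Step 2: after a soak period, review what would have been blocked so that
# false positives affecting business applications show up before enforcement.
Get-NetworkProtectionEvents -Days 7 | Format-Table -Wrap

# Step 3: once the audit results look clean, switch to blocking.
# Left commented out so the script never enforces without a review.
# Set-MpPreference -EnableNetworkProtection Enabled
```

On a managed fleet the same setting is normally pushed through Group Policy or an MDM profile rather than per host; the event IDs to review stay the same.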