I don't understand their attitude! Sometimes I send them a complaint, and just minutes later I get a confirmation that they have removed the domain, with a comment like

Since they don't have authority to suspend a domain name based on their country's laws or based on ICANN rules, they can only do so if the domain owner violated the terms of service in the registration agreement in effect when he signed up. If he agreed not to send spam and you can produce a copy of spam, they can suspend him. But if you say his product is malware and he says it's a malware removal program, you're asking them to make a decision about whose opinion is more credible, and to be sure enough of what you say that they don't have to worry about legal action from a legitimate software company whose site has been taken off line. I've seen plenty of instances where there has been conflicting information, like when AdAware thought Spybot was malware, or Comodo thought Complainterator was malware, so it's not that easy.

It might help if you give them a link to http://www.virustotal.com/analisis/af159005d98164984a27e15edcb5501a where analysis shows 30 of 33 antivirus programs consider that download to be malware. But even so, it depends how their terms of service are written what they can do without risking litigation.

yea, AC pretty much hit it dead-on.

And well, even with spam domain take-downs, they seem to be hard-set on requiring spam e-mail evidence as "proof" - but yea, I recall months/years (and every now and again) back, in which legal battles break out among software developers, and "anti-whatever" software, one claiming another is malware, etc.etc....

Now if this/the domain is using a botnet or something, that could be another method of "attack" in your report...but I don't know if that's the case.

All in all, I'd say leave the malware guys alone, and let's keep our eye on Spam - for now anyways...hehehe. When it comes to malware, the best bet is to post publicly of the dastard deeds, to include siteadvisor reports, etc.

(and I opened this thread expecting a "DIRECTI Removals" or some sort heheheeh)

Naturally I have given them a full copy of the spam messages with the malware link:
http://www.spamcop.net/sc?id=z1978185317zf5933ca74b8f2f73ef36538fed39b2a5z
http://www.spamcop.net/sc?id=z1980805337z0e4cf472246f5a188fd953a1372654e2z
http://www.spamcop.net/sc?id=z1988474030z5dbe8a920b1312f19998e288a1534c8bz
including information on the redirect from drivemyclick.com (which has been taken down since).

However, the target site and domain (hxxp://securityscannersite.com/2008/2/_freescan.php?aid=773D0256) is still active.

ahhh....I see. So the malware links have been passed via e-mail....well, that stumps me

I've no idea why they wouldn't do anything about them, since they are "spam".....appearing in unsolicited e-mail.

drivemyclick_com seems to be clientHold, suspended, and taken down. Where does securityscannersite_com come into play?

Did drivemyclick_com redirect to securityscannersite_com? Since I don't see the security scan site referenced in the spamcop links...

OK, this may work. Someone submitted one of these drivemyclick spams to SIRT while it was still active, and it fetched the redirection to securityscannersite. I have converted it to "confirmed spam" so anyone can now view the partially completed report. I'll leave it that way instead of changing it to terminated, since the securityscannersite target is still active. You can give the registrar the link to

http://www.castlecops.com/XP_antivirus_protection_spam186728.html

which contains the source code documenting that the spammed URL redirected to that target site. That may be all they need as backup to act. (It doesn't show the actual spam/headers that was submitted to SIRT -- that's only available to SIRT handlers/law enforcement -- so they'll still need your copy of spam.)

securityscannersite should be submitted to MIRT, not SIRT, since they document the malware being distributed.

I just got 129 emails for removals by PDR.

explain? you sent them off 129 removal requests?

They seem to have a good support system on their site too:

For reporting spam:
http://www.publicdomainregistry.com/contactus/report-spam/

For false-whois (use this with caution, only if you do the leg-work of calling the registrant, detailing the false data, etc...):
http://www.publicdomainregistry.com/contactus/report-false-whois/

I've been using the spam report link, as well as the complainterator bundled contacts with quite success.

I sent a few complainterator reports that also listed several more domains. For each domain removed I got 1 email.

I'll give them that -- you do get a reply from a human being, even if they don't feel they can act on your complaint.

I kind of stop sending batch reports as of a few days ago because I started getting a lot of emails asking to show proof of spamming so I started sending 1 report for each domain with full headers and body enclosed.

For a few removal emails I received I did a search on subject in my send folder and came up empty so I search on body and found it was a batch submission.

After reading about DIRECTI/PublicDomainRegistry, and their affiliation with Atrivo/etc. - and their "defense" against KnujOn's "phantom registrars" post.....I contacted DIRECTI abuse, as well as Bhavin Turakhia, himself with indepth links regarding DIRECTI/PDR, the spam brands they have been allowing to operate, etc.

Turns out, they say they weren't aware of the CastleCops Bulk Reporting Project listings for their registrar, but say they have been "following" the URIBL listings.

Here's all messages in context:

I guess, a little ruffling of some feathers (on Knujon's part?) can go a long way