Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Should I report this malware that I just encountered, and to whom?


Today, I received an email from someone with no subject and when I opened it,
it directed me to a website. As I have a lot of bridge acquaintances, I thought
nothing of it, but I have Avast and low and behold, it immediately showed a
notice that there was a Trojan. I immediately closed it. Now I thought, “What
should I do?” Can I notify someone? Report it to someone? Spam it? What’s the
best procedure?

In this excerpt from
Answercast #34
, I look at the steps that you need to take if you’ve clicked on a
link in an email that takes you to a website with a Trojan virus.


Reporting a Trojan

So, there’s really nobody to notify. Trust me. The people that you would notify are already well aware of these kinds of things, simply because they are so common. There are so many of these things going on.

You might say, “If they already know, then why aren’t they doing something about it?”

Trust me, they’re working as hard as they can. This is an incredibly complex thing to try and resolve.

The spam problem

  • Spammers are often overseas.

  • They have hidden themselves very well behind both technical and legal shields.

  • Many countries simply don’t have the same laws that you and I might consider to be very basic to the operation of the internet.

  • Many countries don’t have the infrastructure to be able to begin to address these kinds of problems.

So, at any rate, there’s nobody to report it to.

Check for infection

What you should do (since you clicked on the link) is be very, very watchful for a while to make sure that there’s nothing going on.

  • I would run the up-to-date anti-spyware and anti-malware tools that you already have.

  • Make sure that they’re run and make sure that they are up-to-date so that they’re scanning for the latest versions of all the different kinds of malware that are out there.

  • I might consider running the free tool from in addition to whatever tools you’re running now.

Mark it as spam

  • And finally, yes, in your mail program, whatever program that might be, I would recommend that you take that message and simply mark it as spam.

That way, the system (whatever system you’re running) will begin to learn that messages like this are (to you) spam. In fact, they’re not just spam, they’re dangerous.

That way, your personal email program is learning what is spam. You will eventually not see these kinds of messages. They will automatically get filtered and put into your junk mail folder.

If you’re using a service like Hotmail or Yahoo or Gmail, marking something as spam helps the entire system understand that this is spam. The same thing will happen, not only for you, but for other users of that system. Emails of this type will be automatically identified as spam and thrown into your spam or junk mail folder.

That’s all you can do

But, that’s really all you need to do. Be cautious, mark it as spam, and as the rest of the world already know, there’s really no one to notify.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

7 comments on “Should I report this malware that I just encountered, and to whom?”

  1. if its in my junk folder, am i not supposed to open it?
    sometimes hotmail puts things in junk that i wanna read. suppose curiosity gets the best of me?

  2. Related to your recent article “Should I report this malware that I just encountered, and to whom?”, is there any value in reporting spam to the government spam collection email “”? I do this but it seems as useless as reporting soliciting calls to the Do-Not-Call list.

  3. I am careful to update my MSE/Malwarebytes/SuperAntiSpyware/AVG …( all free editions) daily and scan at least weekly, that I have learned to use from reading Leo, but now I am concerned because I do report phishing e-mail messages to my ISP, bank, ebay and paypal, to name a few. Am I feeling too confident behind these apps? I know to never click a link from any email, and I never open eCards either.

  4. Whenever I get unsolicited email links that look suspicious, obviously I mark them as spam. However, if the email is from a friend, I immediately notify them (not using the ‘reply’ on the questionable email) and make them aware of the issue so they can run their own scans and notify their other friends of the possible breach.

  5. Recently Microsoft updated their Microsoft Office Outlook 2007 to be able to report “Junk” mail.

    The following message is received from Microsoft once a day if your report any “Junk” mail.

    “This is an automated reply from the Microsoft Forefront Online Security, Spam Analysis Department. No additional correspondence will be sent to you.

    We appreciate your spam submission. You will receive this auto-reply message only once per day if you submit multiple emails for evaluation in a 24 hour period. Additional information is as follows:

    * Spam submissions are processed seven days per week with new spam rules pushed out continuously. Time frames for rules on individual submissions vary depending on the quantity and quality of submissions.

    * As new spam rules are set globally for all customers, please be aware that not all individual spam submissions result in a new spam rule.

    * It is critical that when reporting spam that full Internet headers are included. This may be done by sending the offending message as an attachment along with the full original Internet headers; OR by using the Junk-Email Plug-In (as made available for some Outlook 2003+ users depending upon your organization).

    *In order for automated spam processing to take place, spam submissions should be sent in individually. Please do not forward multiple spam mails in one individual message.

    Thank you for assisting us in controlling unwanted email!

    Microsoft Forefront Online Security”


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.