Blackworm infected machines reported to a 'counter' site the fact that they got infected. The TISF BlackWorm task force obtained the logs from this counter, and is notifying networks represented in the logs. These notifications will use a from address of "email@example.com" or "Randy_Vaughn@Baylor.edu". Please e-mail jullrich\at/sans.org if you would like to obtain a list for your network, and have not received an automated e-mail.
Please include information to support that your e-mail address is associated with administering the respective networks, or a phone number to validate the information.
Update: We are getting A LOT of requests. Please do not forget to include the IP space you are interested in. Quite a number of people responded that these logs helped them identify infected systems and it likely prevented major data loss to these organizations. BIG THANKS to RCN for providing the counter logs in a timely manner. We could not provide this service without their help.
I will be teaching next: Intrusion Detection In-Depth - SANS Las Vegas Spring 2020
Jan 25th 2006
1 decade ago