Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Blackworm Notifications SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Blackworm Notifications
Blackworm infected machines reported to a 'counter' site the fact that they got infected. The TISF BlackWorm task force obtained the logs from this counter, and is notifying networks represented in the logs. These notifications will use a from address of "" or "". Please e-mail jullrich\at/ if you would like to obtain a list for your network, and have not received an automated e-mail.

Please include information to support that your e-mail address is associated with administering the respective networks, or a phone number to validate the information.

Update: We are getting A LOT of requests. Please do not forget to include the IP space you are interested in. Quite a number of people responded that these logs helped them identify infected systems and it likely prevented major data loss to these organizations. BIG THANKS to RCN for providing the counter logs in a timely manner. We could not provide this service without their help.

I will be teaching next: Intrusion Detection In-Depth - SANS London October 2021


4247 Posts
ISC Handler
Jan 25th 2006

Sign Up for Free or Log In to start participating in the conversation!