Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Blackworm Notifications - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Blackworm Notifications
Blackworm infected machines reported to a 'counter' site the fact that they got infected. The TISF BlackWorm task force obtained the logs from this counter, and is notifying networks represented in the logs. These notifications will use a from address of "" or "". Please e-mail jullrich\at/ if you would like to obtain a list for your network, and have not received an automated e-mail.

Please include information to support that your e-mail address is associated with administering the respective networks, or a phone number to validate the information.

Update: We are getting A LOT of requests. Please do not forget to include the IP space you are interested in. Quite a number of people responded that these logs helped them identify infected systems and it likely prevented major data loss to these organizations. BIG THANKS to RCN for providing the counter logs in a timely manner. We could not provide this service without their help.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022


4504 Posts
ISC Handler
Jan 25th 2006

Sign Up for Free or Log In to start participating in the conversation!