Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Blackworm Notifications - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Blackworm Notifications
Blackworm infected machines reported to a 'counter' site the fact that they got infected. The TISF BlackWorm task force obtained the logs from this counter, and is notifying networks represented in the logs. These notifications will use a from address of "handlers@sans.org" or "Randy_Vaughn@Baylor.edu". Please e-mail jullrich\at/sans.org if you would like to obtain a list for your network, and have not received an automated e-mail.

Please include information to support that your e-mail address is associated with administering the respective networks, or a phone number to validate the information.

Update: We are getting A LOT of requests. Please do not forget to include the IP space you are interested in. Quite a number of people responded that these logs helped them identify infected systems and it likely prevented major data loss to these organizations. BIG THANKS to RCN for providing the counter logs in a timely manner. We could not provide this service without their help.

I will be teaching next: Intrusion Detection In-Depth - SANS London July 2019

Johannes

3562 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!