Event Tracking
Significant incidents recently reported to

24 Hours
7 Days
30 Days
HackerWatch Event Maps
Special Worm Animation

The current top threat on the Internet is coming from a highly successful worm that is spreading itself thanks to a vulnerability in the RPC feature of Windows.  Although a patch has been available for some time many computers have not yet been patched.  The worm infects a system and then searches for additional susceptible computers to further infect. On Tuesday we recorded IP addresses of over 3/4 million different computers that appear to be propagating the worm. (Graph)

The HackerWatch system coordinates data from hundreds of thousands of separate firewall nodes.  This network of nodes can be used to detect patterns that indicate computers that are searching for systems to infect.

Even though your computer may be safe from infection, having been patched, firewalled and protected with anti-virus software, there may be other computers in your office, school or other network that are infected.

The IP address you are coming to this web page from is


Checking address range -
No events were found that originated from this block.

Any IP addresses shown here are producing traffic that may indicate it has been infected by the worm at some point since the outbreak began.  This is a strong indicator of infected systems and any systems appearing here should be quarantined and checked for the worm immediately. For systems that have since been patched and firewalled, keep in mind that we are displaying data since the start of the outbreak.

Scan your computer for viruses with McAfee Freescan