Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC Infocon

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

The intent of the 'Infocon' is to reflect changes in malicious traffic and the possibility of disrupted connectivity. In particular important is the concept of "Change". Every host connected to the Internet is subject to some amount of traffic caused by worms and viruses. However, once a worm has been identified and the number of infected machines is no longer increasing, this traffic is not likely to cause any disruptions.

The Infocon is intended to apply to the condition of the Internet infrastructure. We do not monitor particular nations or companies.

You may use the following html code to link to the current Infocon status:

In addition to the graphic, we offer two text feeds. The text feed can take up to 15 minutes to update.

For fans of RSS newsfeeds, check our RSS feed at

If we change the infocon, we try to remain at the same level for at least 24 hrs.

Applications and Widgets

INFOCon Definition

INFOCon images below use a white background. Transparent images are available by adding "_transparent" such as status_blue_transparent.gif.

Everything is normal. No significant new threat known.
This status is used for testing only. Everything is normal. No significant new threat known.
We are currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are advised to take immediate specific action to contain the impact. Example: 'MSBlaster' worm outbreak.
A major disruption in connectivity is imminent or in progress. Examples: Code Red on its return, and SQL Slammer worm during its first half day
Loss of connectivity across a large part of the internet.

(Partial) INFOCon History

This table summarizes past infocon changes. Not every single event is covered. (Eg. Code Red was our first event that caused us to go to 'Yellow' and later briefly to 'Orange')

Apr 08 2014YellowOpenSSL Heartbleed
Mar 16 2012YellowMS12020 Windows RDP Vulnerability
Sep 28 2010YellowMS10070
Jul 19 2010YellowLNK Vulnerability in Windows
Jul 13 2009YellowMS Office Web Components ActiveX
Oct 23 2008YellowMicrosoft RPC Patch MS08067
May 15 2008YellowDebian SSL Keys
Mar 31 2007YellowANI Exploit
Mar 23-24 2006YellowcreateTextRange exploit
Dec 31st 2005-Jan 5th 2006YellowWMF flaw
Dec 27th 2005YellowWMF flaw
Nov 21-22 2005YellowWindow() MSIE 0-day
Oct 19-20 2005YellowSnort Exploit
Aug 12-18 2005YellowPnP Bot/Worm (Zotob)
May 1-4 2004YellowSasser Worm
Mar 20-22 2004YellowWitty Worm
Sep 10-12 2003YellowRPC exploit
Aug 11-15 2003YellowMSFT Blaster
Mar 17-20 2003YellowIIS WebDav Exploit
Jan 25-28 2003YellowSQL Slammer
Sep 19 2002YellowSlapper Worm