mailing list archives
Sadmind/IIS Worm Defaces IIS Websites via Solaris.
From: Petri Stephen <Stephen.Petri () nycboe net>
Date: Thu, 10 May 2001 10:27:57 -0400
A number of Websites were defaced by this worm. Check your patches.
....Sadmind/IIS, which automatically slithers into Solaris and Microsoft IIS
machines, has claimed a site associated with British TV news gang ITN. As
per its payload, the worm revamped the site's home page to curse hacker
PoizonBOx and the American government.......... According to The Register,
it is the first major reported hack that uses the worm.........is programmed
to sneak into a Solaris 7 based system, using an old sadmind buffer overflow
trick. Having root access, it automatically uses a folder traversal hole to
take over IIS machines.
Read the CERT advisory: http://www.cert.org/advisories/CA-2001-11.html.
UNIFIED Technologies, Inc.
- Sadmind/IIS Worm Defaces IIS Websites via Solaris. Petri Stephen (May 10)