Home page logo
/

nanog logo nanog mailing list archives

Sadmind/IIS Worm Defaces IIS Websites via Solaris.
From: Petri Stephen <Stephen.Petri () nycboe net>
Date: Thu, 10 May 2001 10:27:57 -0400


A number of Websites were defaced by this worm.  Check your patches.

http://www.securitywatch.com/newsforward/default.asp?AID=7476

....Sadmind/IIS, which automatically slithers into Solaris and Microsoft IIS
machines, has claimed a site associated with British TV news gang ITN. As
per its payload, the worm revamped the site's home page to curse hacker
PoizonBOx and the American government.......... According to The Register,
it is the first major reported hack that uses the worm.........is programmed
to sneak into a Solaris 7 based system, using an old sadmind buffer overflow
trick. Having root access, it automatically uses a folder traversal hole to
take over IIS machines. 


Read the CERT advisory: http://www.cert.org/advisories/CA-2001-11.html. 
 

Stephen Petri
Enterprise Architect
UNIFIED Technologies, Inc.


  By Date           By Thread  

Current thread:
  • Sadmind/IIS Worm Defaces IIS Websites via Solaris. Petri Stephen (May 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]