Bank confirms crackers break into website

[InfoSec News <isn () c4i org>]

http://it.mycareer.com.au/breaking/2001/06/25/FFX87XS4DOC.html

Monday 25 June, 2001 14:53 GMT+10:00
By BARRY PARK, FAIRFAX IT

The National Australia Bank has confirmed that online vandals broke
into and defaced one of the company's Web servers last week.
  
An NAB spokesperson said today the bank detected crackers breaking
into and replacing a website's index page on Saturday with a statement
denouncing the United States Government and a wellknown website
cracker.

The defacement appears to be the work of the sadmind worm, which
spreads between Solaris systems using a year-old exploit and seeks out
systems running Microsoft's Internet Information Service (IIS)
servers.

The worm uses an eight-month-old security loophole to deface the IIS
Web server's index page.

The spokeswoman confirmed that the cracked server at
appwebcalc.national.com.au, which hosts customer services including
loans calculators, was an IIS/4.0 Web server running on an NT4
platform.

The spokesperson said the defaced website was "deleted before it was
seen by any member of the public".

She said the defacement took place in "only one isolated server",
while other areas, including Internet banking, were unaffected.

The spokesperson said the bank expected to have the website back up
later this week.

She said the defacement was not a direct attack on the bank.




ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.