Security Incidents mailing list archives

RE: Sadmind/iis worm code anyone??

From: Doug.Barbin () guardent com
Date: Fri, 8 Jun 2001 14:03:55 -0400

You can find the binaries on digitaloffense.net.  

http://www.digitaloffense.net/worms/

Its one of several worms included on the site.  On the IIS side pay
particular attention to uniattack.sh and uniattack.pl.  These are the
programs that exploit the IIS boxes.  I've done a bit of research on this
worm on both Unix and NT sides.  Feel free to contact me directly if you
have any specific questions. 

The worm started to hit hard slightly over a month ago now.  It'd be
interesting to learn if any new occurrences are using modified versions of
the original code.

Regards,
Doug

Douglas  W. Barbin, CISSP, CFE
  Senior Consultant
  W: 703.338.4003 E-Fax: 240.331.6030
  601 Madison Street, Suite 200
  Alexandria, VA 22314  www.guardent.com
  PGP:  64CB ACA8 0474 B9AF 1B24  6756 FA80 A274 55A3 4122
______________________________________________________
G U A R D E N T  
  Enterprise Security and Privacy Programs



-----Original Message-----
From: Oliver Mannion [mailto:oliver () analog co nz]
Sent: Thursday, June 07, 2001 10:03 PM
To: incidents () securityfocus com
Subject: Sadmind/iis worm code anyone??


Hi all,

Several of our IIS machines have recently been attacked by the sadmind/iis
worm - it seems to be getting around again. Now I'm curious as to the
workings of the worm, does anyone have a copy they could please email to
me?

Warm Regards
Oliver Mannion
Software Developer

Current thread:

Sadmind/iis worm code anyone?? Oliver Mannion (Jun 08)
- Re: Sadmind/iis worm code anyone?? Jens Hektor (Jun 08)
- Re: Sadmind/iis worm code anyone?? quack (Jun 09)
- <Possible follow-ups>
- RE: Sadmind/iis worm code anyone?? Doug . Barbin (Jun 08)