Security Incidents mailing list archives
RE: Sadmind/iis worm code anyone??
From: Doug.Barbin () guardent com
Date: Fri, 8 Jun 2001 14:03:55 -0400
You can find the binaries on digitaloffense.net. http://www.digitaloffense.net/worms/ Its one of several worms included on the site. On the IIS side pay particular attention to uniattack.sh and uniattack.pl. These are the programs that exploit the IIS boxes. I've done a bit of research on this worm on both Unix and NT sides. Feel free to contact me directly if you have any specific questions. The worm started to hit hard slightly over a month ago now. It'd be interesting to learn if any new occurrences are using modified versions of the original code. Regards, Doug Douglas W. Barbin, CISSP, CFE Senior Consultant W: 703.338.4003 E-Fax: 240.331.6030 601 Madison Street, Suite 200 Alexandria, VA 22314 www.guardent.com PGP: 64CB ACA8 0474 B9AF 1B24 6756 FA80 A274 55A3 4122 ______________________________________________________ G U A R D E N T Enterprise Security and Privacy Programs -----Original Message----- From: Oliver Mannion [mailto:oliver () analog co nz] Sent: Thursday, June 07, 2001 10:03 PM To: incidents () securityfocus com Subject: Sadmind/iis worm code anyone?? Hi all, Several of our IIS machines have recently been attacked by the sadmind/iis worm - it seems to be getting around again. Now I'm curious as to the workings of the worm, does anyone have a copy they could please email to me? Warm Regards Oliver Mannion Software Developer
Current thread:
- Sadmind/iis worm code anyone?? Oliver Mannion (Jun 08)
- Re: Sadmind/iis worm code anyone?? Jens Hektor (Jun 08)
- Re: Sadmind/iis worm code anyone?? quack (Jun 09)
- <Possible follow-ups>
- RE: Sadmind/iis worm code anyone?? Doug . Barbin (Jun 08)