nanog mailing list archives

Sadmind/IIS Worm Defaces IIS Websites via Solaris.


From: Petri Stephen <Stephen.Petri () nycboe net>
Date: Thu, 10 May 2001 10:27:57 -0400


A number of Websites were defaced by this worm.  Check your patches.

http://www.securitywatch.com/newsforward/default.asp?AID=7476

....Sadmind/IIS, which automatically slithers into Solaris and Microsoft IIS
machines, has claimed a site associated with British TV news gang ITN. As
per its payload, the worm revamped the site's home page to curse hacker
PoizonBOx and the American government.......... According to The Register,
it is the first major reported hack that uses the worm.........is programmed
to sneak into a Solaris 7 based system, using an old sadmind buffer overflow
trick. Having root access, it automatically uses a folder traversal hole to
take over IIS machines. 


Read the CERT advisory: http://www.cert.org/advisories/CA-2001-11.html. 
 

Stephen Petri
Enterprise Architect
UNIFIED Technologies, Inc.

