Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Solaris/IIS worm takes off

Solaris/IIS worm takes off

by phiber on May 12th, 2001 The quite reliable hacker tracker attrition.org is reporting that nearly nine thousand machines had been auto-defaced by the sadmind/IIS worm as of Tuesday, making it one of the most effective little scripts ever loosed on the Net.


Attrition has posted the IPs of all the boxes known to have been hit, and mirrored the default defacement to boot.



The worm infects Solaris boxes up to version 7, and then scans for IIS machines susceptible to the folder traversal vulnerability and executes mean-spirited code on them, replacing their default Web pages with naughty words.



What's ironic here is that the worm exploits two separate holes which were reported and patched ages ago. Call it proof-of-concept that sysadmins spend an awful lot of time on activities other than absorbing security bulletins.



The worm's payload is non-destructive -- far more nuisance than threat. However, developing a destructive version wouldn't even be close to brain surgery.



Find out how to protect yourself here.

This article was originally posted on SecurityFocus.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »