Solaris/IIS worm hits 9000 boxes in 48 hours
PrintOff to a good start
Posted in Music and Media, 11th May 2001 10:55 GMT
Free whitepaper – Optimizing the data center for cost and efficiency
The quite reliable hacker tracker attrition.org is reporting that nearly nine thousand machines had been auto-defaced by the sadmind/IIS worm as of Tuesday, making it one of the most effective little scripts ever loosed on the Net.
Attrition has posted the IPs of all the boxes known to have been hit, and mirrored the default defacement to boot.
The worm infects Solaris boxes up to version 7, and then scans for IIS machines susceptible to the folder traversal vulnerability and executes mean-spirited code on them, replacing their default Web pages with naughty words.
What's ironic here is that the worm exploits two separate holes which were reported and patched ages ago. Call it proof-of-concept that sysadmins spend an awful lot of time on activities other than absorbing security bulletins.
The worm's payload is non-destructive -- far more nuisance than threat. However, developing a destructive version wouldn't even be close to brain surgery. So let's get those patches installed, shall we?
Find out how to protect yourself here. ®
Enabling The Agile Data Center
Analyst Keynote: The Register Agile Data Center Summit
Analyst Keynote: The Register Agile Data Center Summit
Dirty, dirty PCs: The X-rated picture guide
Top 500 supers - rise of the Linux quad-cores
Early adopters bloodied by Ubuntu's Karmic Koala
Sign up, sign up for The Register IT security newsletter