Worm Turns Sun Against Microsoft
Follow up of the "Hackers Strike Massively"
The CERT Coordination Center Tuesday warned of a new self-propagating program, which it has dubbed the sadmind/IIS worm. Using a well-known vulnerability in each operating system, the worm turns a Sun Solaris server into a robot which silently sniffs out Windows NT or 2000 systems running IIS and defaces their home pages.
CERT's Shawn Hernan said that by mid-day Monday, more than 30 Solaris system operators had reported being infected by the worm, which exploits a buffer-overflow bug in a Solstice component known as sadmind to gain root-level control of the server. Initially unbeknownst to their operators, the infected Sun machines had run a script which uses a well-known vulnerability known as Unicode to compromise more than 2,000 remote IIS servers. Using log files created by the worm on the Solaris host, the Internet security reporting center has begun contacting system administrators of the compromised Windows systems.
Comments
Be the first to write a comment
You must me logged in to write a comment.