Sadmind/IIS Worm Hitting Unpatched Systems
- By Scott Bekker
Attackers are exploiting old vulnerabilities in Solaris and IIS Web servers with a new malicious worm called the sadmind/IIS Worm to attack more Solaris and IIS Web servers and deface Web pages, according to an advisory issued Tuesday by CERT.
The exploit relies on administrators having failed to install a two-year-old buffer overflow vulnerability patch in Solaris and a seven-month-old vulnerability patch in IIS, according to the CERT advisory.
Compromised Solaris systems attack Microsoft IIS Web servers and also propogate the virus to other vulnerable Solaris systems.
Web page defacement appears to affect only IIS systems, which display Web pages reading: “f--- USA Government, f--- PoizonBOx.”
The IIS vulnerability allows an attacker to use a malformed URL to access various files and folders on a Web server and execute operating system commands, allowing for no end of mischief.
The original Microsoft patch can be found here.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.