SI
SI
discoversearch

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor.  We ask that you disable ad blocking while on Silicon Investor in the best interests of our community.  If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.
Technology Stocks : The *NEW* Frank Coluccio Technology Forum -- Ignore unavailable to you. Want to Upgrade?

To: Elsewhere who wrote (2744)5/12/2001 1:37:09 AM
From: Frank A. Coluccio  Respond to of 46821
 
Thanks, Jochen. While nothing much came of the cyber war (although I am aware of some unreported trashings that occurred where the principals are keeping mum), it did serve the purpose of pointing out the potential. That is, how vulnerable and fragile the Internet could become with enough harm directed towards it. Then again, script kiddies have been around for a long time. Fortunately, their nihilistic and sometimes mindless leanings are not supportive of an organized front. Unless, of course, they read something like my last sentence. <Shields Up!> FAC



To: Elsewhere who wrote (2744)5/12/2001 11:35:14 AM
From: Frank A. Coluccio  Read Replies (1) | Respond to of 46821
 
From NANOG: Solaris/IIS worm hits 9000 boxes in 48 hours

theregister.co.uk

......The quite reliable hacker tracker attrition.org is reporting that
nearly nine thousand machines had been auto-defaced by the sadmind/IIS worm
as of Tuesday, making it one of the most effective little scripts ever
loosed on the Net.......
---------------

The full article:

Solaris/IIS worm hits 9000 boxes in 48 hours
By: Thomas C Greene in Washington
Posted: 11/05/2001 at 10:55 GMT

The quite reliable hacker tracker attrition.org is reporting that nearly nine thousand machines had been auto-defaced by the sadmind/IIS worm as of Tuesday, making it one of the most effective little scripts ever loosed on the Net.

Attrition has posted the IPs of all the boxes known to have been hit, and mirrored the default defacement to boot.

The worm infects Solaris boxes up to version 7, and then scans for IIS machines susceptible to the folder traversal vulnerability and executes mean-spirited code on them, replacing their default Web pages with naughty words.

What's ironic here is that the worm exploits two separate holes which were reported and patched ages ago. Call it proof-of-concept that sysadmins spend an awful lot of time on activities other than absorbing security bulletins.

The worm's payload is non-destructive -- far more nuisance than threat. However, developing a destructive version wouldn't even be close to brain surgery. So let's get those patches installed, shall we?

Find out how to protect yourself here. ®


HomeMailHotSubjectMarksPeopleMarksKeepersSettings
Terms Of UseContact UsCopyright/IP PolicyPrivacy PolicyAbout UsFAQAdvertise on SI
© 2025 Knight Sac Media.  Data provided by Twelve Data, Alpha Vantage, and CityFALCON News