You are here: silicon.com > Software > Security Strategy

Worm attack: MS and Solaris users beware

US security expert CERT today issued warnings of a malicious worm that exploits vulnerabilities in the Solaris operating system and the Microsoft IIS web server.

By Chris Holbrook

Published: 8 May 2001 17:15 GMT

The worm, known as Sadmind/IIS, can compromise system security through a buffer overflow vulnerability in the Solstice program, allowing web pages to be defaced.

The worm installs software to attack servers running Microsoft IIS and can then propagate itself to other unpatched systems.

CERT (Computer Emergency Response Team) said it was unable to substantiate preliminary reports of the Sadmind virus destroying files on compromised Windows machines and rendering them unbootable.

Graham Cluley, senior technology consultant at Sophos, said there had been no new reports of the virus, but hoped users had already secured their systems.

Cluley said: "If anyone has not patched this already then they will be vulnerable to a lot of other security problems. Solaris users tend to patch their systems well and with the patch being available for some time, we don't feel this virus is desperately dangerous."

Worried users should download patches available at http://www.microsoft.com/technet/security/bulletin/MS00-078.asp and http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191&type=0&nav=sec.sba

Add comment

Print story with

Email story

Melissa virus is back

Danger lurks as Chernobyl virus threatens to infect

Where do you want to go today? Microsoft gives virus room to roam

Top ten viruses for April

Symantec plugs virus scanning flaw

In silicon.com

Commentary

Nick Heath Your top HR tech priorities for next year revealed How to make human resources IT work for you

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Latest News

ID cards: Seven years of missed deadlines and U-turns

Leaked report reveals billions in budget cuts for public sector IT

UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

Jobs

3 rd line Wintel Support Engineer - Central London

Your responsibilities will include; Proactive Server Maintenance through monitoring and patch management and deployment Installation, configuration ...

Helpdesk Support Analyst, MS, IIS, LAMP, Unix, Digital Media

Required Skills: - Managing Helpdesk and all incident requests - Supporting Development teams - Windows server 2003/2008 - IIS - Unix/Linux Desirable ...

Security Operations Centre Manager (SOC Manager), SC Security Cleared

Basic awareness of computer based vulnerability analysis testing. Moderate awareness of computer based vulnerability analysis testing. Basic ...

Special Report Focus

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.