CERT warns of worm that infects Solaris servers
(IDG) -- A new Internet worm that can infect Web servers running Sun Microsystems' Solaris operating system and Microsoft's Internet Information Server (IIS) has been discovered. The worm first attacks the Solaris server and then sets it up to attack the systems running IIS, the Computer Emergency Response Team (CERT) said Tuesday. The worm takes advantage of known security flaws in both servers' software to compromise systems and deface Web pages, according to CERT, which has named the malicious code the "sadmind/IIS worm."
CERT, at Pittsburgh's Carnegie Mellon University, said the worm has been found in the wild. "We have received a very large number of reports of systems being compromised by the worm, both Solaris and IIS systems," said Chad Dougherty, Internet security analyst at CERT. "We started receiving reports early on Monday."

The Solaris system is entered by using a 2-year-old buffer overflow vulnerability. Then a security hole that was uncovered seven months ago is used to break into the IIS system. Once infected the Solaris system is used to scan and compromise other Solaris systems and IIS systems, CERT said.

Software patches from Sun and Microsoft have long been available to fix the problems. However, as not every Web site administrator is diligent in plugging holes, servers could still be vulnerable.

"None of the anti-virus vendors have reported the discovery of, or any incidents with, this malicious program [the sadmind/IIS worm]," said Denis Zenkin, spokesman for Kaspersky Lab, an anti-virus vendor. Kaspersky is a member of various international organizations that are comprised of the world's leading anti-virus companies, he added.

This being the first report could mean one of two things, Zenkin said. "Either the worm has bugs and will never appear in the wild, in which case it is merely another entry in CERT's virus encyclopedia. This is certainly not the very first malicious program that attacks IIS servers. Or the worm is really something very dangerous and has the opportunity to become widespread," Zenkin said.

If the sadmind/IIS worm is a danger, CERT's attitude towards anti-virus vendors can be classified as "unethical," Zenkin said. "CERT didn't share the virus sample with developers of anti-virus programs to allow them to provide their customers with an emergency update," Zenkin said.

CERT's Dougherty said he saw no harm in not alerting the anti-virus vendors. "This is not something that traditional anti-virus software would protect against. We put the advisory out because we were seeing this worm propagate rapidly," he said.

Systems that have been hit show certain characteristics. On the Solaris system a directory called "/dev/cuc" will contain tools that the worm uses to operate, for example. The IIS machine will show modified Web pages displaying a rant against the U.S. government and a Chinese e-mail address.
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.