The Sadmind worm was a computer worm which exploited vulnerabilities in both Sun Microsystems' Solaris (Security Bulletin 00191) and Microsoft's Internet Information Services (MS00-078), for which a patch had been made available seven months earlier. It was discovered on May 8, 2001.[4]

Backdoor Sadmind
Alias
  • sadmind/IIS
  • Worm.PoizonBox[1]
Type: Computer worm
Origin: China
Technical details
Platform
Written in: English

Specifically, the worm affected Solaris systems that had the sadmind daemon enabled in inetd.conf; the daemon normally ran with root privileges.[5]
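The exposure condition described above can be checked on a host by auditing inetd.conf for an uncommented sadmind entry. The script below is an added example, not part of the original article: the function names are hypothetical, the sample lines are constructed, and it assumes the standard Solaris inetd.conf field order and that sadmind is registered as RPC program 100232.

```shell
#!/bin/sh
# Added example: list sadmind entries that are ENABLED in an inetd.conf file.
# Assumed field layout (Solaris inetd.conf):
#   service endpoint-type protocol wait-status uid server-program args...

audit_sadmind() {
    # $1: path to an inetd.conf-style file
    # Output per enabled entry: <line-number>:runs-as-<uid>:<server-program>
    awk '
        /^[ \t]*#/ || NF < 6 { next }           # commented-out or malformed
        {
            svc = $1; sub(/\/.*/, "", svc)       # strip RPC version suffix
            n = split($6, parts, "/")            # basename of server program
            if (svc == "sadmind" || svc == "100232" || parts[n] == "sadmind")
                printf "%d:runs-as-%s:%s\n", NR, $5, $6
        }
    ' "$1"
}

sample_inetd_conf() {
    # Constructed sample: one enabled entry (line 3), one disabled (line 4).
    cat <<EOF
# constructed sample inetd.conf
ftp       stream tcp6    nowait root /usr/sbin/in.ftpd in.ftpd
100232/10 tli    rpc/udp wait   root /usr/sbin/sadmind sadmind
#100232/10 tli   rpc/udp wait   root /usr/sbin/sadmind sadmind
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_inetd_conf > "$tmp"
audit_sadmind "$tmp"
rm -f "$tmp"
```

Any line it prints is a sadmind service that inetd will start on request; an entry that is commented out produces no output.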

fuck USA Government
fuck PoizonBOx
contact:sysadmcn@yahoo.com.cn
Message displayed on sites altered by Sadmind worm.

The worm defaced web servers with a message against the United States government[6] and the anti-Chinese cracking group PoizonBOx.[7]

Systems affected by version

Microsoft (IIS):

  • Version 4.0[8]
  • Version 5.0

Sun Microsystems (Solaris):

  • Version 2.3
  • Version 2.4[9]

References

  1. "Sadmind". F-secure. Archived from the original on 16 July 2012. Retrieved 9 February 2013.
  2. "CERT Advisory CA-2001-11: sadmind/IIS Worm". Carnegie Mellon University Software Engineering Institute. Archived from the original on 2001-11-07. Retrieved 5 October 2019.
  3. "Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability". Security Focus. Archived from the original on 10 October 2012. Retrieved 9 February 2013.
  4. "Backdoor.Sadmind". Symantec. Archived from the original on February 11, 2007. Retrieved 9 February 2013.
  5. "Security Issue Involving the Solaris sadmind(1M) Daemon". download.oracle.com. Archived from the original on 2016-10-18. Retrieved 2024-05-23.
  6. "Unix/SadMind - Worm - Sophos threat analysis". Archived 2021-10-21 at the Wayback Machine. Accessed January 13, 2008.
  7. Raiu, Costin. "One Sad Mind". Archived 2005-05-22 at the Wayback Machine. Accessed January 13, 2008.
  8. "New Sadmind/IIS Worm Defaces Websites and Compromises Internet Security". e-Corp. Archived from the original on 2016-03-04. Retrieved 9 February 2013.
  9. "Malware FAQ: Sadmind/IIS Worm". SANS. Archived from the original on 2019-10-06. Retrieved 2019-10-06.