Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


Protection From Sadmind/IIS Worm

Risk Impact Of Security Vulnerability Resulting From Worm Exploit Rated As High

Symantec's Intrusion Prevention, Vulnerability Assessment and AntiVirus Solutions Detect and Prevent Sadmind/IIS Worm, Protecting Critical E-mail and Web Servers

AUCKLAND - May 14, 2001- Symantec Corp. (Nasdaq: SYMC) today announced its security solutions protect customers against a highly sophisticated hacking effort that uses a worm to exploit a known vulnerability. Symantec's NetProwler, Enterprise Security Manager (ESM) and Norton AntiVirus provide detection for and protection against the sadmind/IIS worm.

"What is interesting about this attack is that the worm itself is not the main threat, it is the vulnerability exploited by that worm that can really cause significant damage," said David Banes, Regional Manager, Symantec AntiVirus Research Center (SARC). "Unpatched operating system holes are one of the most common ways to break into an organization's network - and using a worm to break into the system is becoming more and more common."

Sadmind/IIS is the latest worm designed to attack unpatched versions of Microsoft Internet Information Server (IIS) versions 4.0 and 5.0 Web servers and unpatched versions of Solaris 7 or lower. The Sadmind/IIS worm exploits a buffer overflow vulnerability in the Sadmind program used to remotely control system administration on Solaris operating systems. Once the Solaris system is compromised, the worm searches for Microsoft systems running IIS Web server v. 4.0 or v. 5.0, where it defaces the targeted Web page. The worm further scans to identify other Solaris systems to compromise.

Exploiting server vulnerabilities can result in hackers gaining remote administrator access. This level of access can enable any level of hacker to wreak havoc on systems such as Solaris and IIS, which are commonly used as the internal backbone for an organization's e-mail and Web servers.

"The Sadmind/IIS worm takes advantage of a two-year old security hole in Solaris, which has since been fixed," Banes said. "The majority of hacking attempts could be thwarted if companies made sure they kept their systems up-to-date and enforced a sound security policy. ESM, NetProwler and Norton AntiVirus ensure corporations are alerted to and protected against both the Solaris and IIS exploits, keeping Symantec's customers ahead of this latest vulnerability."

Symantec's award-winning intrusion prevention, vulnerability assessment and anti-virus solutions, NetProwler, Enterprise Security Manager (ESM) and Norton AntiVirus, work in concert to detect and protect against the Sadmind/IIS worm and associated exploits. Symantec currently offers an ESM patch and registry templates, as well as NetProwler Security Updates and Norton AntiVirus signatures to protect against the Sadmind/IIS worm. These can be downloaded from . Additionally, hot fixes can be downloaded directly from Microsoft's TechNet Security page, at or from Sun Microsystems from the Sun Security Bulletin #00191: doctype=coll&doc=secbull/191&type=0&nav=sec.sba . Symantec Enterprise Solutions Symantec customers worldwide utilize the award-winning ESM to automatically check, manage and enforce sound security practices across the enterprise, including workstations, file servers, Web servers, and other key Internet access points worldwide. Through ESM's sophisticated file monitoring and host-based assessment capabilities, customers can proactively manage and detect the Sadmind/IIS worm and many other threats as part of a comprehensive security policy. ESM's startup FileWatch module detects running services in violation of an organization's security policy, and the password strength module detects inadequate passwords. The FileWatch and file attributes modules of ESM track changes and security settings in critical files that are exploited in the majority of Internet attacks to enable the customer to quickly respond and rectify potential security threats. NetProwler, Symantec's network intrusion detection system, can identify and terminate malicious activity on a network in real time. NetProwler's Security Update 5 (SU5) can detect attacks to the Windows 2000 IIS 5.0 Server and SU6 detects attack attempts to the Sun Solaris operating system via the Sadmind worm vulnerability. Both SU's are downloaded using its auto update feature. NetProwler streamlines the process of implementing, maintaining and enhancing real-time network intrusion detection for network managers grappling with changing, open networks and the stringent security requirements of e-business. While some other IDS solutions require a system shutdown during updates, NetProwler's active updating enables companies to securely update new signatures in real-time with no interruption of system defenses. Additionally, Norton AntiVirus definitions are available to detect the Sadmind/IIS worm. Symantec's Norton AntiVirus Corporate Edition provides enterprise-class protection at the desktop and file/print server tiers of the corporate network. The release of Symantec's Norton AntiVirus Corporate Edition 7.5 introduces customers to the Digital Immune System, a Web-based closed-loop automation technology designed to quickly and automatically handle flood conditions caused by today's rapidly spreading Internet-borne viruses. Symantec Enterprise Security ESM, NetProwler and Norton AntiVirus are key components of Symantec Enterprise Security that provides any size organization with the technology, global response and services necessary to manage its information security. Symantec's comprehensive solution offers best-of-breed products to protect gateways, servers, and clients with virus protection, firewall security, intrusion detection and vulnerability management. Customers benefit from Symantec's global network of researchers that provide customers with around-the-clock, immediate response to any new security-related attacks. Symantec Enterprise Security customers are also supported by Symantec Security Services, which offers security consulting, education, and implementation as well as managed security services. For more information, please visit Symantec's enterprise Web site at

© Scoop Media

Business Headlines | Sci-Tech Headlines


Media Mega Merger: StuffMe Hearing Argues Over Moveable Feast

New Zealand's two largest news publishers are appealing against the Commerce Commission's rejection of the proposal to merge their operations. More>>


Approval: Northern Corridor Decision Released

The approval gives the green light to construction of the last link of Auckland’s Western Ring Route, providing an alternative route from South Auckland to the North Shore. More>>


Crown Accounts: $4.1 Billion Surplus

The New Zealand Government has achieved its third fiscal surplus in a row with the Crown accounts for the year ended 30 June 2017 showing an OBEGAL surplus of $4.1 billion, $2.2 billion stronger than last year, Finance Minister Steven Joyce says. More>>


Mycoplasma Bovis: One New Property Tests Positive

The newly identified property... was already under a Restricted Place notice under the Biosecurity Act. More>>

Accounting Scandal: Suspension Of Fuji Xerox From All-Of-Government Contract

General Manager of New Zealand Government Procurement John Ivil says, “FXNZ has been formally suspended from the Print Technology and Associated Services (PTAS) contract and terminated from the Office Supplies contract.” More>>