Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


Protection From Sadmind/IIS Worm

Risk Impact Of Security Vulnerability Resulting From Worm Exploit Rated As High

Symantec's Intrusion Prevention, Vulnerability Assessment and AntiVirus Solutions Detect and Prevent Sadmind/IIS Worm, Protecting Critical E-mail and Web Servers

AUCKLAND - May 14, 2001- Symantec Corp. (Nasdaq: SYMC) today announced its security solutions protect customers against a highly sophisticated hacking effort that uses a worm to exploit a known vulnerability. Symantec's NetProwler, Enterprise Security Manager (ESM) and Norton AntiVirus provide detection for and protection against the sadmind/IIS worm.

"What is interesting about this attack is that the worm itself is not the main threat, it is the vulnerability exploited by that worm that can really cause significant damage," said David Banes, Regional Manager, Symantec AntiVirus Research Center (SARC). "Unpatched operating system holes are one of the most common ways to break into an organization's network - and using a worm to break into the system is becoming more and more common."

Sadmind/IIS is the latest worm designed to attack unpatched versions of Microsoft Internet Information Server (IIS) versions 4.0 and 5.0 Web servers and unpatched versions of Solaris 7 or lower. The Sadmind/IIS worm exploits a buffer overflow vulnerability in the Sadmind program used to remotely control system administration on Solaris operating systems. Once the Solaris system is compromised, the worm searches for Microsoft systems running IIS Web server v. 4.0 or v. 5.0, where it defaces the targeted Web page. The worm further scans to identify other Solaris systems to compromise.

Exploiting server vulnerabilities can result in hackers gaining remote administrator access. This level of access can enable any level of hacker to wreak havoc on systems such as Solaris and IIS, which are commonly used as the internal backbone for an organization's e-mail and Web servers.

"The Sadmind/IIS worm takes advantage of a two-year old security hole in Solaris, which has since been fixed," Banes said. "The majority of hacking attempts could be thwarted if companies made sure they kept their systems up-to-date and enforced a sound security policy. ESM, NetProwler and Norton AntiVirus ensure corporations are alerted to and protected against both the Solaris and IIS exploits, keeping Symantec's customers ahead of this latest vulnerability."

Symantec's award-winning intrusion prevention, vulnerability assessment and anti-virus solutions, NetProwler, Enterprise Security Manager (ESM) and Norton AntiVirus, work in concert to detect and protect against the Sadmind/IIS worm and associated exploits. Symantec currently offers an ESM patch and registry templates, as well as NetProwler Security Updates and Norton AntiVirus signatures to protect against the Sadmind/IIS worm. These can be downloaded from . Additionally, hot fixes can be downloaded directly from Microsoft's TechNet Security page, at or from Sun Microsystems from the Sun Security Bulletin #00191: doctype=coll&doc=secbull/191&type=0&nav=sec.sba . Symantec Enterprise Solutions Symantec customers worldwide utilize the award-winning ESM to automatically check, manage and enforce sound security practices across the enterprise, including workstations, file servers, Web servers, and other key Internet access points worldwide. Through ESM's sophisticated file monitoring and host-based assessment capabilities, customers can proactively manage and detect the Sadmind/IIS worm and many other threats as part of a comprehensive security policy. ESM's startup FileWatch module detects running services in violation of an organization's security policy, and the password strength module detects inadequate passwords. The FileWatch and file attributes modules of ESM track changes and security settings in critical files that are exploited in the majority of Internet attacks to enable the customer to quickly respond and rectify potential security threats. NetProwler, Symantec's network intrusion detection system, can identify and terminate malicious activity on a network in real time. NetProwler's Security Update 5 (SU5) can detect attacks to the Windows 2000 IIS 5.0 Server and SU6 detects attack attempts to the Sun Solaris operating system via the Sadmind worm vulnerability. Both SU's are downloaded using its auto update feature. NetProwler streamlines the process of implementing, maintaining and enhancing real-time network intrusion detection for network managers grappling with changing, open networks and the stringent security requirements of e-business. While some other IDS solutions require a system shutdown during updates, NetProwler's active updating enables companies to securely update new signatures in real-time with no interruption of system defenses. Additionally, Norton AntiVirus definitions are available to detect the Sadmind/IIS worm. Symantec's Norton AntiVirus Corporate Edition provides enterprise-class protection at the desktop and file/print server tiers of the corporate network. The release of Symantec's Norton AntiVirus Corporate Edition 7.5 introduces customers to the Digital Immune System, a Web-based closed-loop automation technology designed to quickly and automatically handle flood conditions caused by today's rapidly spreading Internet-borne viruses. Symantec Enterprise Security ESM, NetProwler and Norton AntiVirus are key components of Symantec Enterprise Security that provides any size organization with the technology, global response and services necessary to manage its information security. Symantec's comprehensive solution offers best-of-breed products to protect gateways, servers, and clients with virus protection, firewall security, intrusion detection and vulnerability management. Customers benefit from Symantec's global network of researchers that provide customers with around-the-clock, immediate response to any new security-related attacks. Symantec Enterprise Security customers are also supported by Symantec Security Services, which offers security consulting, education, and implementation as well as managed security services. For more information, please visit Symantec's enterprise Web site at

© Scoop Media

Business Headlines | Sci-Tech Headlines


Watch This Space: Mahia Rocket Lab Launch Site Officially Opened

Economic Development Minster Steven Joyce today opened New Zealand’s first orbital launch site, Rocket Lab Launch Complex 1, on the Mahia Peninsula on the North Island’s east coast. More>>


Marketing Rocks!
Ig Nobel Award Winners Assess The Personality Of Rocks

A Massey University marketing lecturer has received the 2016 Ig Nobel Prize for economics for a research project that asked university students to describe the “brand personalities” of three rocks. More>>


Nurofen Promotion: Reckitt Benckiser To Plead Guilty To Misleading Ads

Reckitt Benckiser (New Zealand) intends to plead guilty to charges of misleading consumers over the way it promoted a range of Nurofen products, the Commerce Commission says. More>>


Half A Billion Accounts, Including Xtra: Yahoo Confirms Huge Data Breach

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. More>>


Rural Branches: Westpac To Close 19 Branches, ANZ Looks At 7

Westpac confirms it will close nineteen branches across the country; ANZ closes its Ngaruawahia branch and is consulting on plans to close six more branches; The bank workers union says many of its members are nervous about their futures and asking ... More>>

Interest Rates: RBNZ's Wheeler Keeps OCR At 2%

Reserve Bank governor Graeme Wheeler kept the official cash rate at 2 percent and said more easing will be needed to get inflation back within the target band. More>>


Get More From Scoop

Search Scoop  
Powered by Vodafone
NZ independent news