[37410] in North American Network Operators' Group
Re: Solaris/IIS worm hits 9000 boxes in 48 hours
daemon@ATHENA.MIT.EDU (Ian Cooper)
Fri May 11 16:28:07 2001
Message-Id: <5.1.0.14.2.20010511132047.02877810@nemo.corp.equinix.com>
Date: Fri, 11 May 2001 13:25:43 -0700
To: nanog@merit.edu
From: Ian Cooper <icooper@equinix.com>
In-Reply-To: <56FFA01C212CD511BF8D00D0B712450C01B5160C@2mtcxch02.nycps.k12.ny.us>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu

At 16:14 5/11/2001 -0400, Petri Stephen wrote:
>http://www.theregister.co.uk/content/6/18882.html
>
>......The quite reliable hacker tracker attrition.org is reporting that
>nearly nine thousand machines had been auto-defaced by the sadmind/IIS worm
>as of Tuesday, making it one of the most effective little scripts ever
>loosed on the Net.......

Quite. However, since this is NANOG you missed the most interesting parts:

"Attrition has posted the IPs of all the boxes known to have been hit..."

"What's ironic here is that the worm exploits two separate holes which were
reported and patched ages ago. Call it proof-of-concept that sysadmins
spend an awful lot of time on activities other than absorbing security
bulletins."