GrandBasin hacked! (January 2002)
The Common Data Access bulletin board was attacked by the China Worm virus this month. Apart from the embarrassment, no harm was done.

A system used by GrandBasin to host a Bulletin Board for its users was attacked by the sadmind/IIS virus (also known as the China Worm). GrandBasin told PDM, "The Bulletin Board system is an independent Windows server available on the public Internet and does not form part of the PetroBank secure databank."
Defacement
The worm defaced the homepage of the Microsoft Windows Internet Information Server (not actually used by the Bulletin Board). No further damage was caused and updated patches have been applied to prevent a re-occurrence of the attack. GrandBasin reassured PetroBank users that "This attack posed no threat to client data, or to the integrity of the PetroBank solution."
Solaris
According to virus watch organization CERT/CC, the China worm exploits a vulnerability in Solaris systems and subsequently installs software to attack Microsoft IIS web servers. To compromise the Solaris systems, the worm takes advantage of a buffer overflow vulnerability in the Solstice sadmind program. We will spare Oil IT Journal readers details of the virus message.
Web use only - not for intranet/corporate use. Copyright 2001 The Data Room - all rights reserved.