How the Sadmind Worm of 2001 Affected Internet Security
Origin of the Sadmind worm as a formidable virus
The Sadmind worm was discovered in 2001 as an internet work whose creator is not yet known. The precise date of its discovery was on the 5th of August in that year. The origin of this particular worm is stated as being China and the source language is Perl or Shell Script. In terms of the platforms where it works best the foundation has been Solaris and Microsoft IIS. Users need to watch out for the file types .SH, .PL and ELF. Having affected Solaris services, it was able to modify certain pages on the Microsoft IIS services which normally run on Windows 2000 and NT.
How the virus exploited loopholes
There had been problems with the Microsoft and Sun Microsystems which allowed this worm to operate freely. The issues had been identified for over a year but no concrete action was taken. Users are advised to always get the updates out on time so that they do not fall victims to this sort of threat. It must be noted that the Sadmind worm appeared shortly before the introduction of the Code Red version. Some people have speculated that the two viruses may actually be related. This worm tends to generate IP addresses after the infection. All these addresses will be tested by the intruder to see if a port-map service is listening to number 111. This then leads to the remote administration service which can breach confidentiality.
Losing control over your computer
The root allows it to get privileges to your programs. It primarily exploits the buffer overflow gaps which are vulnerable to attack. The stack pointer will be overwritten and therefore compromised. Once a new host is affected then a copy of its personalized “uni.tar” file will be sent. This is the common UNIX format which is very similar to the .zip format. A directory will be created in the CUC subfolder so that 16 files are extracted. A 17th UNIX crash core file may also be created. There are 6 Sparc ELF executable files which are characteristic of this virus.
A number of file formats is brought to book
With the Sadmind worm you can get the Brute file which is created by a hacker known as elux. Cheese Whiz may also create the Sadmindex-sparc file. Scud will build the grabbb file. A group known as Teso will then do searches for Solaris on your IIS servers. You would then be anticipating the next 3 ELFs including GZIP, NC and WGET. All these are harmful to the management of your servers.
Call Toll Free: 1- 888- 901- GEEK (4335)
Leave a Reply