GrandBasin hacked!

The Common Data Access bulletin board was attacked by the ‘China Worm’ virus this month. Apart from the embarrassment, no harm was done.

A system used by GrandBasin to host a Bulletin Board for its users was attacked by the sadmind/IIS virus (also known as the ‘China Worm’). GrandBasin told PDM “The Bulletin Board system is an independent Windows server available on the public Internet and does not form part of the PetroBank secure databank.”


The worm defaced the homepage of the Microsoft Windows Internet Information Server (not actually used by the Bulletin Board). No further damage was caused and updated patches have been applied to prevent a re-occurrence of the attack.GrandBasin reassured PetroBank users that “This attack posed no threat to client data, or to the integrity of the PetroBank solution.”


According to virus watch organization CERT/CC, the China worm exploits a vulnerability in Solaris systems and subsequently installs software to attack Microsoft IIS web servers. To compromise the Solaris systems, the worm takes advantage of a buffer overflow vulnerability in the Solstice sadmind program. We will spare Oil IT Journal readers details of the virus’ ‘message.’

Click here to comment on this article

Click here to view this article in context on a desktop

© Oil IT Journal - all rights reserved.