A system used by GrandBasin to host a Bulletin Board for its users was attacked by the sadmind/IIS virus (also known as the ‘China Worm’). GrandBasin told PDM “The Bulletin Board system is an independent Windows server available on the public Internet and does not form part of the PetroBank secure databank.”
The worm defaced the homepage of the Microsoft Windows Internet Information Server (not actually used by the Bulletin Board). No further damage was caused and updated patches have been applied to prevent a re-occurrence of the attack.GrandBasin reassured PetroBank users that “This attack posed no threat to client data, or to the integrity of the PetroBank solution.”
According to virus watch organization CERT/CC, the China worm exploits a vulnerability in Solaris systems and subsequently installs software to attack Microsoft IIS web servers. To compromise the Solaris systems, the worm takes advantage of a buffer overflow vulnerability in the Solstice sadmind program. We will spare Oil IT Journal readers details of the virus’ ‘message.’
© Oil IT Journal - all rights reserved.