Symantec Hong Kong
 global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


© 1995-2006 Symantec Corporation.
All rights reserved.
Legal Notices
Updated Privacy Policy
press centre

Symantec's Instrusion Prevention, Vulnerability Assessment and AntiVirus Solutions Detect and Prevent Sadmind/IIS Worm, Protecting Critical E-mail and Web Servers


Hong Kong -- May 14, 2001 - Symantec today announced that its award-winning security solutions now protect customers against a highly sophisticated hacking effort that uses a worm virus to exploit a known vulnerability. Symantec's NetProwler, Enterprise Security Manager (ESM) and Norton AntiVirus provide detection for and protection against the Sadmind/IIS worm.

Sadmind/IIS is the latest worm designed to attack unpatched versions of Microsoft Internet Information Server (IIS) versions 4.0 and 5.0 Web servers and unpatched versions of Solaris 7 or lower. The Sadmind/IIS worm exploits a buffer overflow vulnerability in the Sadmind program used to remotely control system administration on Solaris operating systems. Once the Solaris system is compromised, the worm searches for Microsoft systems running IIS Web server v. 4.0 or v. 5.0, where it defaces the targeted Web page. The worm further scans to identify other Solaris systems to compromise.

"What is interesting about this attack is that the worm itself is not the main threat, it is the vulnerability exploited by the worm that can really cause significant damage," said Vincent Weafer, senior director, Symantec AntiVirus Research Center (SARC). "Unpatched operating system holes are one of the most common ways to break into an organisation's network and using a worm to break into the system is becoming more and more common."

Exploiting server vulnerabilities can result in hackers gaining remote administrator access. This level of access can enable any level of hacker to wreak havoc on systems such as Solaris and IIS, which are commonly used as the internal backbone for an organisation's e-mail and Web servers.

"The Sadmind/IIS worm takes advantage of a two-year old security hole in Solaris, which has since been fixed," Weafer said. "The majority of hacking attempts could be thwarted if companies made sure they kept their systems up-to-date and enforced a sound security policy. ESM, NetProwler and Norton AntiVirus ensure corporations are alerted to protect against both the Solaris and IIS exploits, keeping Symantec's customers ahead of this latest vulnerability."

Symantec's award-winning intrusion prevention, vulnerability assessment and anti-virus solutions, NetProwler, Enterprise Security Manager (ESM) and Norton AntiVirus, work in concert to detect and protect against the Sadmind/IIS worm and associated exploits. Symantec currently offers an ESM patch and registry templates, as well as NetProwler Security Updates and Norton AntiVirus signatures to protect against the Sadmind/IIS worm. These can be downloaded from http://www.symantec.com/avcenter/security/Content/2001_05_11.html

Additionally, hot fixes can be downloaded directly from Microsoft's TechNet Security page, at http://www.microsoft.com/technet/security/bulletin/MS01-023.asp or from Sun Microsystems from the Sun Security Bulletin #00191: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191&type=0&nav=sec.sba

Symantec Enterprise Solutions
Symantec customers worldwide utilise the award-winning ESM to automatically check, manage and enforce sound security practices across the enterprise, including workstations, file servers, Web servers, and other key Internet access points worldwide. Through ESM's sophisticated file monitoring and host-based assessment capabilities, customers can proactively manage and detect the Sadmind/IIS worm and many other threats as part of a comprehensive security policy. ESM's startup FileWatch module detects running services in violation of an organisation's security policy, and the password strength module detects inadequate passwords. The FileWatch and file attributes modules of ESM track changes and security settings in critical files that are exploited in the majority of Internet attacks to enable the customer to quickly respond and rectify potential security threats.

NetProwler, Symantec's network intrusion detection system, can identify and terminate malicious activity on a network in real time. NetProwler's Security Update 5 (SU5) can detect attacks to the Windows 2000 IIS 5.0 Server and SU6 detects attack attempts to the Sun Solaris operating system via the Sadmind worm vulnerability. Both SU's are downloaded using its auto update feature. NetProwler streamlines the process of implementing, maintaining and enhancing real-time network intrusion detection for network managers grappling with changing, open networks and the stringent security requirements of e-business. While some other IDS solutions require a system shutdown during updates, NetProwler's active updating enables companies to securely update new signatures in real-time with no interruption of system defenses.

Additionally, Norton AntiVirus definitions are available to detect the Sadmind/IIS worm. Symantec's Norton AntiVirus Corporate Edition provides enterprise-class protection at the desktop and file/print server tiers of the corporate network. The release of Symantec's Norton AntiVirus Corporate Edition 7.5 introduces customers to the Digital Immune System, a Web-based closed-loop automation technology designed to quickly and automatically handle flood conditions caused by today's rapidly spreading Internet-borne viruses.

Symantec Enterprise Security
ESM, NetProwler and Norton AntiVirus are key components of Symantec Enterprise Security that provides any size organisation with the technology, global response and services necessary to manage its information security. Symantec's comprehensive solution offers best-of-breed products to protect gateways, servers, and clients with virus protection, firewall security, intrusion detection and vulnerability management. Customers benefit from Symantec's global network of researchers that provide customers with around-the-clock, immediate response to any new security-related attacks. Symantec Enterprise Security customers are also supported by Symantec Security Services, which offers security consulting, education, and implementation as well as managed security services. For more information, please visit Symantec's enterprise web site at http://enterprisesecurity.symantec.com.

About Symantec
Symantec, a world leader in Internet security technology, provides a broad range of content and network security solutions to individuals and enterprises. The company is a leading provider of virus protection, risk management, Internet content and e-mail filtering, remote management and mobile code detection technologies to customers. Headquartered in Cupertino, California, Symantec has worldwide operations in more than 36 countries.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site.

# # #

Brands and product names are the trademarks or registered trademarks of their respective holders.

Issued on behalf of Symantec Corporation by Newell Public Relations