Backdoor.Sadmind

Backdoor.Sadmind is a backdoor worm program that may affect systems that are running unpatched versions of Microsoft IIS or unpatched versions of Solaris.

If files on a desktop computer are detected as Backdoor.Sadmind.Dr, that does not mean that there is an infection. It means that you have visited a Website whose server has been compromised by Backdoor.Sadmind, which replicates only on Solaris systems. You should delete any files detected as Backdoor.Sadmind.Dr.



CERT/CC
CERT has issued an advisory regarding sadmind-IIS:
http://www.cert.org/advisories/CA-2001-11.html

Microsoft Corporation
The following documents regarding this vulnerability are available from Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS01-023.asp

Sun Microsystems
Sun has issued the following bulletin for this vulnerability:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191&type=0&nav=sec.sba

NOTE: The patch closes the security hole on Solaris systems that Backdoor.Sadmind uses to infect a system. Left unpatched, other malicious programs could take advantage of the same vulnerability. The best way to close the vulnerable ports is to use the security patch.