1. /
  2. Security Response/
  3. Backdoor.Sadmind

Backdoor.Sadmind

Risk Level 1: Very Low

Discovered:
May 8, 2001
Updated:
February 13, 2007 11:53:30 AM
Also Known As:
sadmind/IIS, Backdoor.Sadmind.dr
Type:
Worm

Backdoor.Sadmind is a backdoor worm program that may affect systems that are running unpatched versions of Microsoft IIS or unpatched versions of Solaris.

If files on a desktop computer are detected as Backdoor.Sadmind.Dr, that does not mean that there is an infection. It means that you have visited a Website whose server has been compromised by Backdoor.Sadmind, which replicates only on Solaris systems. You should delete any files detected as Backdoor.Sadmind.Dr.



CERT/CC
CERT has issued an advisory regarding sadmind-IIS:
http://www.cert.org/advisories/CA-2001-11.html

Microsoft Corporation
The following documents regarding this vulnerability are available from Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS01-023.asp

Sun Microsystems
Sun has issued the following bulletin for this vulnerability:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191&type=0&nav=sec.sba

NOTE: The patch closes the security hole on Solaris systems that Backdoor.Sadmind uses to infect a system. Left unpatched, other malicious programs could take advantage of the same vulnerability. The best way to close the vulnerable ports is to use the security patch.

Antivirus Protection Dates

  • Initial Rapid Release version May 10, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version May 10, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Medium
Writeup By: Cary Ng

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver