1. Symantec/
  2. Security Response/
  3. Backdoor.Sadmind


Risk Level 1: Very Low

May 8, 2001
February 13, 2007 11:53:30 AM
Also Known As:
sadmind/IIS, Backdoor.Sadmind.dr

Backdoor.Sadmind is a backdoor worm program that may affect systems that are running unpatched versions of Microsoft IIS or unpatched versions of Solaris.

If files on a desktop computer are detected as Backdoor.Sadmind.Dr, that does not mean that there is an infection. It means that you have visited a Website whose server has been compromised by Backdoor.Sadmind, which replicates only on Solaris systems. You should delete any files detected as Backdoor.Sadmind.Dr.

CERT has issued an advisory regarding sadmind-IIS:

Microsoft Corporation
The following documents regarding this vulnerability are available from Microsoft:

Sun Microsystems
Sun has issued the following bulletin for this vulnerability:

NOTE: The patch closes the security hole on Solaris systems that Backdoor.Sadmind uses to infect a system. Left unpatched, other malicious programs could take advantage of the same vulnerability. The best way to close the vulnerable ports is to use the security patch.

Antivirus Protection Dates

  • Initial Rapid Release version May 10, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version May 10, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Cary Ng

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube