Re: A new Code Red variant

From: Daniel Harrison (danielhat_private)
Date: Wed Aug 01 2001 - 14:36:26 PDT

    You are correct. The sadmin worm infects a sun box and then launches a unicode
    attack against any web server it finds. It only propagates through the sun side.
    The is however a different version. The original had fuck usa government.
    
    -dan
    
    jason wrote:
    
    > correct me if I'm wrong, but the sadmind worm will infect solaris
    > sadmind, then look to infect iis.  the iis infection is just a
    > defacement and no propagation code is on the iis server.  If what
    > we're seeing is an infected iis box, scanning to infect someone else,
    > this would be new.
    >
    > If I'm off my rocker, someone hit me.
    >
    > Jason Potopa
    >
    
    



    This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 14:50:43 PDT