Risk Impact Of Security Vulnerability Resulting From Worm Exploit Rated As High
Symantec's Intrusion Prevention, Vulnerability Assessment and AntiVirus Solutions Detect and Prevent Sadmind/IIS Worm,
Protecting Critical E-mail and Web Servers
AUCKLAND - May 14, 2001- Symantec Corp. (Nasdaq: SYMC) today announced its security solutions protect customers against
a highly sophisticated hacking effort that uses a worm to exploit a known vulnerability. Symantec's NetProwler,
Enterprise Security Manager (ESM) and Norton AntiVirus provide detection for and protection against the sadmind/IIS
worm.
"What is interesting about this attack is that the worm itself is not the main threat, it is the vulnerability exploited
by that worm that can really cause significant damage," said David Banes, Regional Manager, Symantec AntiVirus Research
Center (SARC). "Unpatched operating system holes are one of the most common ways to break into an organization's network
- and using a worm to break into the system is becoming more and more common."
Sadmind/IIS is the latest worm designed to attack unpatched versions of Microsoft Internet Information Server (IIS)
versions 4.0 and 5.0 Web servers and unpatched versions of Solaris 7 or lower. The Sadmind/IIS worm exploits a buffer
overflow vulnerability in the Sadmind program used to remotely control system administration on Solaris operating
systems. Once the Solaris system is compromised, the worm searches for Microsoft systems running IIS Web server v. 4.0
or v. 5.0, where it defaces the targeted Web page. The worm further scans to identify other Solaris systems to
compromise.
Exploiting server vulnerabilities can result in hackers gaining remote administrator access. This level of access can
enable any level of hacker to wreak havoc on systems such as Solaris and IIS, which are commonly used as the internal
backbone for an organization's e-mail and Web servers.
"The Sadmind/IIS worm takes advantage of a two-year old security hole in Solaris, which has since been fixed," Banes
said. "The majority of hacking attempts could be thwarted if companies made sure they kept their systems up-to-date and
enforced a sound security policy. ESM, NetProwler and Norton AntiVirus ensure corporations are alerted to and protected
against both the Solaris and IIS exploits, keeping Symantec's customers ahead of this latest vulnerability."
Symantec's award-winning intrusion prevention, vulnerability assessment and anti-virus solutions, NetProwler, Enterprise
Security Manager (ESM) and Norton AntiVirus, work in concert to detect and protect against the Sadmind/IIS worm and
associated exploits. Symantec currently offers an ESM patch and registry templates, as well as NetProwler Security
Updates and Norton AntiVirus signatures to protect against the Sadmind/IIS worm. These can be downloaded from
http://www.symantec.com/avcenter/security/Content/2001_05_11.html . Additionally, hot fixes can be downloaded directly from Microsoft's TechNet Security page, at
http://www.microsoft.com/technet/security/bulletin/MS01-023.asp or from Sun Microsystems from the Sun Security Bulletin #00191: http://sunsolve.sun.com/pub-cgi/retrieve.pl?
doctype=coll=secbull/191=0=sec.sba . Symantec Enterprise Solutions Symantec customers worldwide utilize the award-winning ESM to automatically check,
manage and enforce sound security practices across the enterprise, including workstations, file servers, Web servers,
and other key Internet access points worldwide. Through ESM's sophisticated file monitoring and host-based assessment
capabilities, customers can proactively manage and detect the Sadmind/IIS worm and many other threats as part of a
comprehensive security policy. ESM's startup FileWatch module detects running services in violation of an organization's
security policy, and the password strength module detects inadequate passwords. The FileWatch and file attributes
modules of ESM track changes and security settings in critical files that are exploited in the majority of Internet
attacks to enable the customer to quickly respond and rectify potential security threats. NetProwler, Symantec's network
intrusion detection system, can identify and terminate malicious activity on a network in real time. NetProwler's
Security Update 5 (SU5) can detect attacks to the Windows 2000 IIS 5.0 Server and SU6 detects attack attempts to the Sun
Solaris operating system via the Sadmind worm vulnerability. Both SU's are downloaded using its auto update feature.
NetProwler streamlines the process of implementing, maintaining and enhancing real-time network intrusion detection for
network managers grappling with changing, open networks and the stringent security requirements of e-business. While
some other IDS solutions require a system shutdown during updates, NetProwler's active updating enables companies to
securely update new signatures in real-time with no interruption of system defenses. Additionally, Norton AntiVirus
definitions are available to detect the Sadmind/IIS worm. Symantec's Norton AntiVirus Corporate Edition provides
enterprise-class protection at the desktop and file/print server tiers of the corporate network. The release of
Symantec's Norton AntiVirus Corporate Edition 7.5 introduces customers to the Digital Immune System, a Web-based
closed-loop automation technology designed to quickly and automatically handle flood conditions caused by today's
rapidly spreading Internet-borne viruses. Symantec Enterprise Security ESM, NetProwler and Norton AntiVirus are key
components of Symantec Enterprise Security that provides any size organization with the technology, global response and
services necessary to manage its information security. Symantec's comprehensive solution offers best-of-breed products
to protect gateways, servers, and clients with virus protection, firewall security, intrusion detection and
vulnerability management. Customers benefit from Symantec's global network of researchers that provide customers with
around-the-clock, immediate response to any new security-related attacks. Symantec Enterprise Security customers are
also supported by Symantec Security Services, which offers security consulting, education, and implementation as well as
managed security services. For more information, please visit Symantec's enterprise Web site at http://enterprisesecurity.symantec.com