This topic was published by DevynCJohnson and viewed 2438 times since "". The last page revision was "".
- Posts
Solaris, like any operating system, is susceptible to malware. However, since Solaris is not as common as Windows, there are not as many viruses for Solaris as there are Windows-viruses. Although, since Solaris is commonly used for some types of servers, some black-hat hackers still have enough motivation to write malware for Solaris.
Of all of the Solaris malware, a piece of malware called "Sadmind" is the one most worth mentioning. Sadmind is a computer worm written in Perl and Unix Shell. This worm could infect both Solaris and Windows IIS servers (WIN2000 and NT). The malware entered the computer through port 111. Specifically, the worm got on Solaris computers and attacked Windows IIS servers from the Solaris server. The worm would change webpages on the Windows IIS servers. The main purpose was to deface websites. Interestingly, the worm is meant to harm the Windows servers, not the Solaris server.
sadmind Wanuk is another Solaris worm. This one took advantage of the "Sun Solaris TelNet Remote Authentication Bypass vulnerability". The worm would use "adm" and "lp" as its username to perform its tasks. The worm is compatible for both SPARC and Intel processors since the worm included a file for each architecture. The malware files placed themselves under /var/adm/sa/.adm/ and detected the system type to know whether to execute the SPARC file or the Intel file. The worm only executes itself on the 13th of every month and then post various messages on the "wall" (/usr/sbin/wall). The worm is annoying rather than destructive.
Antivirus software is available for Solaris. However, many Solaris admins (like Linux admins) do not use virus scanners since malware is so rare on Solaris.
Further Reading
- Sadmind - http://malware.wikia.com/wiki/Sadmind & http://www.noh.ro/craiu.com/papers/papers/sadmind.html
- Wanuk - https://www.f-secure.com/v-descs/worm_solaris_wanuk_a.shtml
Attachments:
