DOS attacker hits out at Sydney high school

The attack was brought to the attention of ZDNet today, and when contacted the school was oblivious of the vandalism to its site.

With school winter vacation in full force, the attack points to a pupil with too much time on their hands pulling a prank.

The hacker left a message, including expletives, in bright red text on a black background aimed at the US government.

"It's a well-known exploit on Microsoft's Web serving software," technical executive at Vectra Corportation, Damon Wynne, told ZDNet.

All the culprit has to do is replace the default on the index page with the message they're sending.

The software giant released a patch to fix the flaw in November last year, which indicates that -security on that site hasn't been looked after," Wynne said.

There are about 30 different sites using the same exploit at present, he added.

-This is a classic case of thirteen year olds learning how to do it."

• Related stories

• Alerts

Add your opinion

The smug manner in which your ...Bruce Rivendell -- 18/07/01

The smug manner in which your reporter announced that the school did not know about the attack does not sit very well with her lack of understanding of the difference between a Denial of Service attack and Site Defacement!

Pull your socks up ZDNet!

• Reply to comment
• Reply to story
• Report offensive content

Incorrect and Alarmist Reporti ...Anonymous -- 18/07/01

Incorrect and Alarmist Reporting...

This report is unbelievably false. I am amazed that this story ran on ZDNET. Bored teenagers, right...

Some specifics which with the little FACTUAL information presented suggests may actually have occurred:

The server was EXPLOITED by the SADMIND worm. This worm infects both unix and microsoft servers, using the unix boxes as a carrier to attack the microsoft IIS Web Servers. It attempts to attack a large number of systems automatically.

The worm has NO human controller (apart from the initial creator), and relies on WIDELY KNOWN problems, which is the real issue in this story. Unpatched servers are a security risk, and the risk is real.

The suggestion that bored kids (teenagers) launched an attack is likely to be wildly innacurate. And I suggest that the reported made no effort to arrive at a factual conclusion for this story.

I might be wrong, I cant be sure due to the fact the story contained no factual information and a lot of assumptions. This is in no way a quality story.

Im dissapointed. I held ZDNET in higher esteem than this.

For specific SADMIND/IIS information, see:
http://attrition.org/mirror/attrition/2001/05/09/mail.ogd.com/mirror.html

• Reply to comment
• Reply to story
• Report offensive content

This is NOT a DOS attack. Thi ...Paul Snedden -- 18/07/01

This is NOT a DOS attack. This was merely a hack into a website and changing simple html code. DOS attacks (Denial of Service) are completely different. Get your facts and definitions right before you put it in "print"

• Reply to comment
• Reply to story
• Report offensive content

I definitely agree with Greg. ...Anonymous -- 19/07/01

I definitely agree with Greg. The "attack" on the website was not some high school hacker who had changed the default webpage. It was in fact a virus which had been exposed to the web server.

If you were running some virus protection program on your system, you might have noticed that when you browsed the website, you would have received a virus alert, informing you of the type of virus the site had been exposed to.

I doubt very much that some "teenager" would have hacked into the NSGH's website, just so they could post some message about the US goverment. Please! If they wanted to "aim" some message at the US government I'm sure that there would be other sites which would have more of an effect.

A bit more research on web hacking/security risks/VIRUSes would be advisable.

• Reply to comment
• Reply to story
• Report offensive content

Yes, this attack was not a DOS ...Anonymous -- 20/07/01

Yes, this attack was not a DOS attack.

What some people are not aware of is that once a system has been targetted by this type of exploit, it just as easy to use this server as a source of DOS attacks on other servers, by using the same exploit as that targetted by sadmine/IIS

This can easily be found when looking thru the IIS logs for evidence of such attacks, by looking for the string "ping.exe", "cmd.exe" and "root.exe"

It has been my experience that more than individual is looking at the compromised servers. Some attacks are simply worm inititiated, but then some attacks really put out the feelers, and it is obvious it is someone at a keyboard initiating the attack (spelling mistakes, incorrect syntax etc..)

Basically the vulnerable system is used to send out a string similar to this:

"ping.exe -n 9999999 -l 65500 -w 0 ip_address"

This ICMP packet sends a large amount of information to the targetted system, and if used in concert with a full blown DDOS attack, can really bring links down to their knees.

• Reply to comment
• Reply to story
• Report offensive content

A virus scanner would not have ...Anonymous -- 20/07/01

A virus scanner would not have picked up evidence of the site being defaced. There is no active code running on the IIS side of the fence. The sadmine worm targets solaris systems that have not been patched, and this is where the executable code is resident.

• Reply to comment
• Reply to story
• Report offensive content

The existence of a virus attac ...Anonymous -- 22/07/01

The existence of a virus attack was reported by Norton AntiVirus on my computer as Mandy stated earlier.

For the benefit of Damon Wynne, I will include the URL and insert some text on the virus report.

--------------------------------
http://www.symantec.com/avcenter/venc/data/backdoor.sadmind.dr.html , where it says:

The infection can occur in an .html file in the Temporary Internet folder when you go to a Web site that has been compromised by the Backdoor.Sadmind Trojan.
--------------------------------

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials