Site Defacers Mining A New Vein In AIX
Microsoft's Windows operating system remains the overwhelming favorite target of Web
site defacers, but a relatively obscure Unix variant from IBM is all the rage with homepage
vandals.
Until recently, sites running AIX, a commercial operating system from IBM that is based on
Unix, barely made a blip on the radar of the Alldas defacement archive service. Of the
more than 22,000 homepages defaced in the past 18 months, just 47 sites, or less than 1
percent, have been running AIX. Windows, on the other hand, accounts for 65 percent of
defacements, according to Alldas.
But 32 of those AIX intrusions have occurred in the past three days.
Among the victims, ironically, was an IBM corporate Web site in Indonesia. On Saturday,
the defacers, a group called Savvy Crew, changed the site's homepage by adding the
messages "In Linux We Trust" and "SavvyCrew did penetrate this lame IBM server."
The rise in AIX defacements has occurred almost simultaneously with the release of
several new programs that exploit old flaws in the operating system, according to Zillion,
one of the operators of the Safemode defacement information site.
Over the weekend, a hacking tools site known as hack.co.za posted three dozen exploits
that target security bugs in AIX, including six that can be run by a remote attacker. The
new listings consist of tools authored by a group of Polish security engineers that call
themselves Last Stage of Delirium Research Group or LSD.
Earlier this month, IBM warned users that some versions of AIX may be vulnerable to a
serious Telnet bug discovered this summer, which affects many operating systems and
network devices built on software from BSDI.
According to the Netcraft Web server research site, other companies using AIX include
American Express, Prudential, and the New York Stock Exchange.
A mirror of the IBM defacement is at
http://www.safemode.org/mirror/2001/08/17/www.ibm.net.id .
IBM's page on AIX security is at
