A number of Websites were defaced by this worm. Check your patches. http://www.securitywatch.com/newsforward/default.asp?AID=7476 ....Sadmind/IIS, which automatically slithers into Solaris and Microsoft IIS machines, has claimed a site associated with British TV news gang ITN. As per its payload, the worm revamped the site's home page to curse hacker PoizonBOx and the American government.......... According to The Register, it is the first major reported hack that uses the worm.........is programmed to sneak into a Solaris 7 based system, using an old sadmind buffer overflow trick. Having root access, it automatically uses a folder traversal hole to take over IIS machines. Read the CERT advisory: http://www.cert.org/advisories/CA-2001-11.html. Stephen Petri Enterprise Architect UNIFIED Technologies, Inc.