Worm Exploits Flaw In Computers Running Solaris 10
A computer worm is trying to log into computers running Solaris 10, implementing several commands to install itself and then propagate to other vulnerable systems, said Jose Nazario, Senior Software Engineer, Arbor Networks, in news reported by ZDNet on March 1, 2007. The threat was confirmed by Sun on February 28, 2007 on its website in an updated alert.
The worm exploits a security flaw in the Solaris telnet service, which was first discovered in early March. The worm gives unauthorized access to hackers to a system without needing any action on user's part. Sun has already released a patch for the vulnerability and advices the users to install it on their systems.
According to a blog posting on ISC, dated February 27,2007, the SANS Internet Storm Center, that monitors the Internet risks, has seen a rise in activity on the network port used by Solaris telnet feature.
The Unix/Froot-A worm (or Wanuk) uses flaw in both SPARC and x86 editions of edition 10 of Sun's OS (operating system), trying to expose a backdoor that could let cyber crooks to remotely access the systems.
The telnet demon in Solaris 10 misreads some "-f" sequences as legitimates applications for the login program to avoid verification that lets remote hackers to log into some accounts, as shown by the BIN account.
Joel Esler, an ISC staffer, says one believes that there are not too many publicly accessed Solaris systems operating telnet. irishdev published the statement of Graham Cluley, Senior Technology Consultant, Sophos on March 2,2007 that most of the strikes today are aimed at systems running MS Windows, but it does not mean that other businesses operating on UNIX and other OS need not to take safety issues seriously.
Under certain circumstances, the worm can forward system broadcast messages through the 'wall' command. It can be of any form, including the ASCII code, or the phrase, 'Hi, I'm Casper, I am a bored Sun developer and I wrote this piece of code.'
Sophos advises businesses to update the virus protection automatically, and install a combined solution to protect against spyware, spam and viruses.
Related article: Worm Spreads With Random Subject Lines
» SPAMfighter News - 14-03-2007