Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Solaris worm?

Published: 2007-02-27
Last Updated: 2007-02-28 16:28:04 UTC
by Joel Esler (Version: 2)
0 comment(s)
We have received a report today from our friend Jose over at Arbor, pointing us to this article

Looks like a netrange over in France is scanning around for port 23.  Read the article for further details about the "worm".

We checked our data here at the Storm Center and it appears we have similar traffic from the same net ranges. 

High number of targets, but low number of sources also reflects that.  Check it out

Joel Esler
http://handlers.sans.org/jesler/

Update (Arrigo): as of 13:00 UTC the sources number 102 which is still rather low, one hopes that there aren't that many publicly reachable Solaris systems running telnet.

UPDATE:2 (Joel):  Looks like Sun has released a "worm clean up" script.  Check it out at http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen
Keywords:
0 comment(s)
Diary Archives