Sun Strikes Back at Worm Targeting Telnet Bug
The worm exploits a flaw in Suns Telnet service that was uncovered earlier in February. The bug gives an attacker unauthorized remote access to the system by circumventing the log-in process.
"The worm attempts to log in to your systems as the users lp or adm and execute a bunch of shell commands," Jose Nazario of Arbor Networks, based in Lexington, Mass., posted Feb. 28 on the companys blog.
If the attack is successfully launched, the hacker would gain the users privileges on the system.
Andrew Storms, director of IT at nCircle Network Security, in San Francisco, said few businesses need to be concerned with the worm, but college campuses may be susceptible.
"From an enterprise perspective, most people seem to find humor in this vulnerability," he said. "Telnet simply isnt something used anymore, and disabling the daemon is right near the top of anyones security checklist. In fact, I cant think of any modern operating system in the last 5 years that has the Telnet daemon on by default."
"If the worm were to have any potential," he continued, "it will be in academia. Many campuses still permit Telnet. The best defense if you do run Telnet is to begin with discovery. Youll want to determine every system running Telnet and next prune that list down to Solaris systems, then patch them quickly."
The inoculation script can be run locally on an infected system as the root user, to remove the worm and prevent reinfection by disabling the Telnet service.
Editors Note: This story was updated to include additional analyst comments.