Solaris worm talks its way through Telnet flaw, reports Sophos

IT security and control firm Sophos is warning computer users of all operating systems of the dangers of malware, as an Internet worm that displays offensive messages and cartoon images of talking turkeys is exploiting a recently announced vulnerability on Sun Solaris servers.

The Unix/Froot-A worm (also known as Wanuk) exploits vulnerability in both x86 and SPARC versions of version 10 of Sun's operating system, attempting to open a backdoor which could allow hackers to gain remote access to computers.

"While most attacks today are targeted at computers running Microsoft Windows, businesses running Unix and other operating systems need to take security seriously," says Brett Myroff, CEO of master Sophos distributor, NetXactics.

"This worm takes advantage of a security hole in Solaris's Telnet service that was first disclosed last month. Vulnerable businesses would be wise to install the vulnerability fix from Sun, and consider disabling Telnet."

Under certain conditions the Froot worm can send system broadcast messages via the 'wall' command. These can take a variety of forms, including ASCII art and the phrase: 'Hi, I'm Casper, I am a bored Sun developer and I wrote this piece of code.'

One of the ASCII art messages displays an offensive message and another shows a cartoon of a talking turkey. "However funny this may seem, new malware attacks need to be taken seriously," Myroff says.

It is, however, unlikely that Sun Solaris threats will eclipse the virus problem on Windows anytime soon. "The correct response is to take sensible action to ensure defences are in place, and that software is patched whenever a new vulnerability is announced."

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution to defend against viruses, spyware and spam.

For more information and a graphic of the turkey and offensive message, please visit http://www.sophos.com/pressoffice/news/articles/2007/03/froot.html.