Solaris worm?
We have received a report today from our friend Jose over at Arbor, pointing us to this article.
Looks like a netrange over in France is scanning around for port 23. Read the article for further details about the "worm".
We checked our data here at the Storm Center and it appears we have similar traffic from the same net ranges.
High number of targets, but low number of sources also reflects that. Check it out
Joel Esler
http://handlers.sans.org/jesler/
Update (Arrigo): as of 13:00 UTC the sources number 102 which is still rather low, one hopes that there aren't that many publicly reachable Solaris systems running telnet.
UPDATE:2 (Joel): Looks like Sun has released a "worm clean up" script. Check it out at http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen
Looks like a netrange over in France is scanning around for port 23. Read the article for further details about the "worm".
We checked our data here at the Storm Center and it appears we have similar traffic from the same net ranges.
High number of targets, but low number of sources also reflects that. Check it out
Joel Esler
http://handlers.sans.org/jesler/
Update (Arrigo): as of 13:00 UTC the sources number 102 which is still rather low, one hopes that there aren't that many publicly reachable Solaris systems running telnet.
UPDATE:2 (Joel): Looks like Sun has released a "worm clean up" script. Check it out at http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen
Keywords:
0 comment(s)
×
Diary Archives
Comments