New worm appears, but this one's for Unix

Stephen Withers
Friday, 02 March 2007 03:15

Your IT - Home IT

Security vendors are warning of a Unix worm that propagates via a vulnerability in the telnetd program within Solaris.

Known variously as Froot or Wanuk, the worm doesn't just copy itself to vulnerable systems, it also installs a backdoor that gives the attacker full control over the compromised system.

Both x86 and SPARC versions of Sun's Solaris 10 operating system are vulnerable.

"This worm takes advantage of a security hole in Solaris's telnet service that was first disclosed last month," said Graham Cluley, senior technology consultant at Sophos. "Vulnerable businesses would be wise to install the vulnerability fix from Sun, and consider disabling telnet."

Symantec gives this worm and the accompanying backdoor its lowest risk rating.

The most notorious Unix worm was the one created by Robert Morris in 1988. Only rough estimates are available of the number of systems it infected and the cost of the damage it caused, but 6000 and $US10-100 million are the numbers bandied around.