According to a couple of monitoring sources there is an elevated level of activity targeting the Telnet port which started over the last 24 to 36 hours. It seems too there are rumblings of a Solaris Worm on the loose. 

There are only a few details at the moment of the worm, mainly from a single source. Arbor Networks have been detailing the activity here in a brief analysis they have undertaken. Based on the details released by Arbor the worm is cross platform and is targeting both SPARC and x86 versions of Solaris 10. It is using the recently discovered Solaris Telnet vulnerability to compromise systems before dropping itself onto a compromised host before moving on.

Much of the activity that has been spotted by the monitoring sources has originated from a netblock in France. It seems that even the guys at Sun have seen the worm on the loose too and have released a clean up script for the nasty here.

So as a little reminder if your running Solaris and have Telnet running, please ensure you have the patch applied as detailed here. 

Add this page to your favorite Social Bookmarking websites