Linux Today: Linux News On Internet Time.

Security Portal: SANS Flash Alert: the Hunt For Solaris Trojans

Jan 05, 2000, 00:14 (4 Talkback[s])

"... Sun computers have been infected with Trojan horse software (trojans, for short) using such tools as trinoo, TFN, TFN2000, or stacheldraht which is German for barbed wire."

"These trojans are controlled by master computers using various communications channels. The infected machines are used as a collective force (reports range upward from 230 acting together) to attack other sites and close them down. These attacks have succeeded in flooding out both large and small sites. The trojans are being installed continuously - with attackers coming back time and again looking for new computers to compromise. Several universities found them installed on multiple computers. Attackers appear to have constructed relatively complete maps of the computers at the sites they are attacking."

"... though Solaris is the current focus of these attackers, they will soon turn to NT and Linux and other UNIX variants. Take this opportunity to close the holes there as well. That?s a great deal cheaper and less embarrassing than nuking the system and reinstalling all the software after an infestation."

Complete story.