Security Portal: SANS Flash Alert: the Hunt For Solaris Trojans

“… Sun computers have been infected with Trojan horse software
(trojans, for short) using such tools as trinoo, TFN, TFN2000, or
stacheldraht which is German for barbed wire.”

“These trojans are controlled by master computers using various
communications channels. The infected machines are used as a
collective force (reports range upward from 230 acting together) to
attack other sites and close them down. These attacks have
succeeded in flooding out both large and small sites. The trojans
are being installed continuously – with attackers coming back time
and again looking for new computers to compromise. Several
universities found them installed on multiple computers. Attackers
appear to have constructed relatively complete maps of the
computers at the sites they are attacking.”

“… though Solaris is the current focus of these attackers,
they will soon turn to NT and Linux and other UNIX variants. Take
this opportunity to close the holes there as well. That’s a
great deal cheaper and less embarrassing than nuking the system and
reinstalling all the software after an infestation.”