A friend of mine – we’ll call him Mr.B for convenience sake – had consulted with me about this message he saw on his Solaris machine. An ASCII-art of a teddy bear came up with a message: please hug me, fu**er! All of a sudden some other telnet sessions were invoked and that scared the sh!t outta my friend! He shut off the machine but not before he took a screengrab and forwarded the same to me.
Now I am no security whiz or an hacking expert but I do know where to get some relevant information from and of course how to get it 😎 So some hi-tech digging later, it was found to be the handiwork of the ELF_WANUK.A virus that takes advantage of a known vulnerability in Sun Solaris. The moot point here was the fact that the virus, when executed on the 13th of the month, sends out a random message to all logged-in users on a telnet session. And this was the exact same message that my friend had received on his Solaris box……proof that the ELF_WANUK.A malware was loose amidst his network. And yesterday was the 13th of May!!! Poor guy…almost fainted with the shock! Of course, he was relieved after I’d told him all of the above but the conceited individual he is, he’s no doubt pushing across this information to his network admins as his own findings! Sigh!
More Information about this virus can be found on this Trend Micro page.