ELF_WANUK.A Virus – attacks on the 13th of the Month

A friend of mine – we’ll call him Mr. B for convenience’s sake – had consulted with me about this message he saw on his Solaris machine. An ASCII-art teddy bear came up with a message: please hug me, fu**er! All of a sudden some other telnet sessions were invoked and that scared the sh!t outta my friend! He shut off the machine but not before he took a screengrab and forwarded the same to me.

Now I am no security whiz or a hacking expert but I do know where to get some relevant information from and of course how to get it 😎 So some hi-tech digging later, it was found to be the handiwork of the ELF_WANUK.A virus that takes advantage of a known vulnerability in Sun Solaris. The moot point here was the fact that the virus, when executed on the 13th of the month, sends out a random message to all logged-in users on a telnet session. And this was the exact same message that my friend had received on his Solaris box... proof that the ELF_WANUK.A malware was loose amidst his network. And yesterday was the 13th of May!!! Poor guy... almost fainted with the shock! Of course, he was relieved after I’d told him all of the above but, the conceited individual he is, he’s no doubt pushing across this information to his network admins as his own findings! Sigh!

More information about this virus can be found on this Trend Micro page.

3 thoughts on “ELF_WANUK.A Virus – attacks on the 13th of the Month”

  1. Hey! Today I have removed another worm from moi system named “sujin.com.np” which came from some USB flash drive.

  2. My network admin got this about ELF much before I sent him that.

  3. Ah! He must be as smart as (if not smarter than) me 😎
