The worm attempts to log into systems running Solaris 10, execute a number of commands to plant itself and then spread to other vulnerable computers, Jose Nazario, a senior software engineer at Arbor Networks, wrote on his company's blog Tuesday. Arbor sells network analysis products.
Sun confirmed the threat Wednesday in an updated alert on its Web site. "There is at least one worm in existence that is making use of this exploit to compromise system integrity," Sun warned.
The company has offered a worm-cleaning tool for affected customers.
The worm takes advantage of a flaw that was first disclosed earlier this month. The bug could enable attackers to gain unauthorized access to a system without requiring any action on the part of the user. Sun has released a fix for the flaw and urges users to install it.
The SANS Internet Storm Center, which monitors Internet threats, has noticed some increase in activity on the network port used by Solaris' telnet feature, according to an ISC blog posted Tuesday.
"One hopes that there aren't that many publicly reachable Solaris systems running telnet," ISC staffer Joel Esler wrote.
Telnet was one of the first methods devised to allow system administrators to remotely monitor their networks. The service will usually prompt people for their username and password. However, the Solaris bug could allow an attacker to pass additional parameters and connect without a username or password.
Systems with telnet disabled are not vulnerable to this attack.