Researchers witnessed the attack when one intruder broke into a Solaris server under intense observation as part of the Honeynet Project, an initiative to develop ways to turn spare computers into digital fly traps to study and document actual Internet attacks.
"One of our honey pots got whacked with it," said Lance Spitzner, project manager for the Honeynet Project. "As far as we know, it was the first time we saw (this flaw) used in the wild."
The flaw, commonly referred to as a "buffer overflow," allows a specially crafted packet of Internet data to cause a computer to give an online vandal full access to its capabilities. In this particular instance, a component of Solaris used to remotely run applications contained a buffer overflow, and an attacker found the weakness, Spitzner said.
"The bad guy accessed our system, downloaded a back door, and made it so he could log in anytime he wanted," he said. "Then, he logged in a couple days later and loaded a denial-of-service tool to attack several online chat servers."
Denial-of-service, or DoS, attacks attempt to overload or crash a computer, thus making it inaccessible.
The Computer Emergency Response Team, or CERT, Coordination Centre, an online security watchdog, first reported the vulnerability last November.
On Monday, the group posted an advisory about the use of the flaw, adding that administrators should install the patch from Sun, limit access to the vulnerable service, or disable the service.
Solaris is Sun's proprietary variant of the Unix operating system. Last October, the FBI published a list of flaws that affected major operating systems, including Solaris.
