Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Linux worm uses its noodle

Linux worm uses its noodle

by Phiber on January 19th, 2001 An Internet worm cobbled together from pre-existing scripts is spreading rapidly through Red Hat Linux systems, leaving in its wake a trail of defaced web pages touting the virtues of oriental noodles. The so-called 'Ramen' worm is a bulky, but effective, collection of hacking tools rolled up into a package. A modified scanning program searches broad swaths of the Internet for Red Hat Linux versions 6.2 and 7.0 installations. The scanner then launches attacks against those machines with publicly available exploits of three known vulnerabilities and spreads into each crackable box.


On Red Hat 6.2 systems, the worm exploits vulnerabilities in wu-ftpd and rpc.statd. On version 7.0, it attacks LPRng. Detailed information on fixing all three holes can be found in SecurityFocus's vulnerability database (see insert).
The worm's strategy is not dissimilar to that employed by the 1988 Morris worm, the most successful self-propelled contagion to date. But unlike the Morris worm, on every system Ramen penetrates it promptly kills the service that allowed it to break in -- thus preventing the kind of multiple infection that caused the Morris worm to grind infected computers into seizure.
But while the Morris worm was an academic exercise gone horribly wrong, Ramen serves a decidedly sophomoric end: On every web server it infects, it replaces the main web page with the message "Hackers looooooooooooove noodles," signed by the "RameN Crew."

SecurityFocus


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »