Linux Today: Linux News On Internet Time.

ZDNet/Yahoo: Net worm hobbles Linux servers

Jan 17, 2001, 18:51 (8 Talkback[s])
(Other stories by Robert Lemos)

"An Internet worm cobbled together from generally available hacking tools has compromised hundreds, perhaps thousands, of Linux servers by using two well-known security flaws in applications set up during the default installation of Red Hat Linux software."

"Known as the Ramen worm, the self-spreading program appears to have been created by common Internet vandals--called script kiddies. As of Wednesday morning, the worm was continuing to spread."

"'This is not a very dangerous worm,' said Lance Spitzner, coordinator for the Honeynet Project, a group of well-known security experts who study how hackers attack servers. 'It has a very big signature. It is easy to find. And it doesn't really to do anything destructive.'"

"The worm spreads by scanning the Internet for servers based on Red Hat 6.2 or 7.0 and then attempts to gain access using two common exploits. When it does gain access, it installs a so-called 'root kit,' which patches the security holes and installs special programs that replace common system functions. Ramen also replaces the main page on Web servers with an HTML file claiming: 'RameN Crew--Hackers looooooooooooove noodles.'"

Complete Story

Related Stories: