“Basically, the Ramen worm looks for RPC.statd and wu-FTP
vulnerabilities in Red Hat 6.2 and 7.0 — vulnerabilities that are
well-known in the Linux security community. After gaining access to
the system, Ramen fixes the hole, replaces some basic system files,
and puts up a new index page that says “RameN Crew–Hackers
looooooooooooove noodles.” It then notifies a Web-based email
account of the successful intrusion.”
“Not that this worm is really dangerous. Sure, the security
companies and the consultants have lept upon this worm as something
really dangerous, but they’re just trying to drum up a little
business. (The more authoratative and unbiased CERT, the Computer
Emergency Response Team at Carnegie-Mellon, hasn’t even bothered to
send out an advisory.) I spend a fair amount of time surfing the
Web, and I haven’t seen a single instance of this worm in action.
Similarly, the talkbacks on Linux Today haven’t yielded a single
instance of anyone claiming to be hit by this worm. So I really
question how widespread this worm really is.”
“Not that it matters. In many ways, this worm will probably end
up being good news for Linux system administrators. For those who
didn’t know about the many security holes present in a default
Linux distribution, it will cause them to address them upon
installation and configuration of a new system. Yes, these holes
exist, and the next time around the worm may do some actual damage
instead of just overwriting the index page. Security should always
be paramount when setting up a Linux server or desktop, and this
limited worm should be proof enough that closing down security
holes and setting up firewalls should be mandatory for any computer
user, not just Linux users.”