[ Thanks to Benjamin
D. Thomas for this link. ]
“A self-propagating worm known as Ramen is currently exploiting
well-known holes in unpatched Red Hat Linux 6.2 systems and in
early versions of Red Hat 7.0. In addition to scanning for
additional systems and propagating to vulnerable systems, the worm
also defaces Web servers it encounters by replacing the
“index.html” file. It may also interfere with some networks
supporting multicasting.”
“Ramen is currently known to attack Red Hat systems running
vulnerable versions of wu-ftp, rpc.statd, and LPRng. New exploits
can be added to the existing worm to expand its
capabilities….”
“Ramen combines several known exploits and tools using a set of
scripts. The initial attack starts with a scan for port 21 (FTP)
and the retrieval of any FTP banners for any FTP services it
encounters. The script uses this information to determine if it has
contacted a system that may be vulnerable to one of its packaged
exploits. Currently, Ramen uses the date encountered in the FTP
banner of the system being scanned.”