“Script kiddies, common Internet vandals, have attacked the Red
Hat Linux community with a new malware threat this week, the Ramen
worm. Ramen exploits several well-known vulnerabilities on Linux
servers using default installations of Red Hat’s Linux 6.2 and 7.0.
Upon infection, Ramen modifies and deletes several files, displays
a visual payload, disables anonymous FTP, and scans random class B
subnets for vulnerable hosts to infect them.”
“Ramen gets its name from a visual payload that appears on the
screen of infected Web servers. Once a Web server is infected the
main page displays a message: “Hackers looooooooooooove noodles,”
signed by “RameN Crew,” with a picture of “Top Ramen” noodles at
the bottom of the screen….”
“The Ramen worm is similar to the Morris Internet worm of 1989.
Morris, whose father was a Unix expert and head of the National
Security Council at the time, reportedly created the Internet worm
to expose Unix vulnerabilities largely ignored by the Internet
community. In this same way, users of Red Hat Linux today are at
risk if they too have ignored important updates and patches to best
secure Linux servers.”