“An Internet worm cobbled together from generally available
hacking tools has compromised hundreds, perhaps thousands, of Linux
servers by using two well-known security flaws in applications set
up during the default installation of Red Hat Linux software.”
“Known as the Ramen worm, the self-spreading program appears to
have been created by common Internet vandals–called script
kiddies. As of Wednesday morning, the worm was continuing to
spread.”
“‘This is not a very dangerous worm,’ said Lance Spitzner,
coordinator for the Honeynet Project, a group of well-known
security experts who study how hackers attack servers. ‘It has a
very big signature. It is easy to find. And it doesn’t really to do
anything destructive.'”
“The worm spreads by scanning the Internet for servers based on
Red Hat 6.2 or 7.0 and then attempts to gain access using two
common exploits. When it does gain access, it installs a so-called
‘root kit,’ which patches the security holes and installs special
programs that replace common system functions. Ramen also replaces
the main page on Web servers with an HTML file claiming: ‘RameN
Crew–Hackers looooooooooooove noodles.'”