Feeds

Linux worm nobbles Nasa Web site

Ramen on the rampage

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Ramen, the Red Hat Linux-based Internet worm, has spread into the wild and defaced the Web sites of several different organisation, including a National Aeronautics and Space Administration (Nasa) lab.

Russian anti-virus expert Kaspersky Labs said that Ramen is the first malicious code for Linux to be detected in the wild.

Web sites run by Nasa, Texas A&M University, and Taiwan-based computer hardware maker Supermicro have fallen victim to the worm, causing their sites to become sprayed with electronic graffiti. On each Web server Ramen infects, the main page is replaced with the message: "Hackers looooooooooooove noodles," signed by the "RameN Crew."

The worm's defacement of the site of Nasa's Jet Propulsion Laboratory is mirrored on attrition and can be seen here.

Susan Reichley, a spokeswoman at the Jet Propulsion Laboratory, told The Register that the site had been broken into, but stressed that the problem was fixed in the same day. She said she was unable to answer other questions on the matter for security reasons.

As previously reported, Ramen is a combination of pre-existing scripts which has the ability to spread via the Internet. It penetrates systems running Red Hat Linux versions 6.2 and 7.0. In order to gain access to a computer, the worm exploits three known security loopholes in these particular operating systems. These breaches enable Ramen to take over the root access rights and thereafter execute code on target systems.

These security holes were discovered more than a year ago and Red Hat issued patches. Affected sites had failed to apply the patches - leaving them vulnerable. Information on the patches is available here.

Denis Zenkin, a spokesperson for Kaspersky, said: "The fact that Ramen penetrated into several respected organisations, including Nasa, shows that even the most professional network engineers don't pay enough attention to timely installation of security patches in order to protect their systems. This worries us most, as neglecting basic enterprise security rules can stimulate hackers to develop malicious code for Linux."

Jack Clark, of Network Associates, agreed with this advice but downplayed the overall serious of the worm; his anti-virus firm had received few calls about Ramen infections, he said.

During the eight years or so since Linux was first developed, only around 50 malicious programs affecting the operating system have been discovered, and, until Ramen, none of them spread to damage users' systems. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.