Feeds

Linux worm nobbles Nasa Web site

Ramen on the rampage

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Ramen, the Red Hat Linux-based Internet worm, has spread into the wild and defaced the Web sites of several different organisation, including a National Aeronautics and Space Administration (Nasa) lab.

Russian anti-virus expert Kaspersky Labs said that Ramen is the first malicious code for Linux to be detected in the wild.

Web sites run by Nasa, Texas A&M University, and Taiwan-based computer hardware maker Supermicro have fallen victim to the worm, causing their sites to become sprayed with electronic graffiti. On each Web server Ramen infects, the main page is replaced with the message: "Hackers looooooooooooove noodles," signed by the "RameN Crew."

The worm's defacement of the site of Nasa's Jet Propulsion Laboratory is mirrored on attrition and can be seen here.

Susan Reichley, a spokeswoman at the Jet Propulsion Laboratory, told The Register that the site had been broken into, but stressed that the problem was fixed in the same day. She said she was unable to answer other questions on the matter for security reasons.

As previously reported, Ramen is a combination of pre-existing scripts which has the ability to spread via the Internet. It penetrates systems running Red Hat Linux versions 6.2 and 7.0. In order to gain access to a computer, the worm exploits three known security loopholes in these particular operating systems. These breaches enable Ramen to take over the root access rights and thereafter execute code on target systems.

These security holes were discovered more than a year ago and Red Hat issued patches. Affected sites had failed to apply the patches - leaving them vulnerable. Information on the patches is available here.

Denis Zenkin, a spokesperson for Kaspersky, said: "The fact that Ramen penetrated into several respected organisations, including Nasa, shows that even the most professional network engineers don't pay enough attention to timely installation of security patches in order to protect their systems. This worries us most, as neglecting basic enterprise security rules can stimulate hackers to develop malicious code for Linux."

Jack Clark, of Network Associates, agreed with this advice but downplayed the overall serious of the worm; his anti-virus firm had received few calls about Ramen infections, he said.

During the eight years or so since Linux was first developed, only around 50 malicious programs affecting the operating system have been discovered, and, until Ramen, none of them spread to damage users' systems. ®

Internet Security Threat Report 2014

More from The Register

next story
BIG FAT Lies: Porky Pies about obesity
What really shortens lives? Reading this sort of crap in the papers
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.