Linux worm nobbles Nasa Web site

Ramen on the rampage

Ramen, the Red Hat Linux-based Internet worm, has spread into the wild and defaced the Web sites of several different organisation, including a National Aeronautics and Space Administration (Nasa) lab.

Russian anti-virus expert Kaspersky Labs said that Ramen is the first malicious code for Linux to be detected in the wild.

Web sites run by Nasa, Texas A&M University, and Taiwan-based computer hardware maker Supermicro have fallen victim to the worm, causing their sites to become sprayed with electronic graffiti. On each Web server Ramen infects, the main page is replaced with the message: "Hackers looooooooooooove noodles," signed by the "RameN Crew."

The worm's defacement of the site of Nasa's Jet Propulsion Laboratory is mirrored on attrition and can be seen here.

Susan Reichley, a spokeswoman at the Jet Propulsion Laboratory, told The Register that the site had been broken into, but stressed that the problem was fixed in the same day. She said she was unable to answer other questions on the matter for security reasons.

As previously reported, Ramen is a combination of pre-existing scripts which has the ability to spread via the Internet. It penetrates systems running Red Hat Linux versions 6.2 and 7.0. In order to gain access to a computer, the worm exploits three known security loopholes in these particular operating systems. These breaches enable Ramen to take over the root access rights and thereafter execute code on target systems.

These security holes were discovered more than a year ago and Red Hat issued patches. Affected sites had failed to apply the patches - leaving them vulnerable. Information on the patches is available here.

Denis Zenkin, a spokesperson for Kaspersky, said: "The fact that Ramen penetrated into several respected organisations, including Nasa, shows that even the most professional network engineers don't pay enough attention to timely installation of security patches in order to protect their systems. This worries us most, as neglecting basic enterprise security rules can stimulate hackers to develop malicious code for Linux."

Jack Clark, of Network Associates, agreed with this advice but downplayed the overall serious of the worm; his anti-virus firm had received few calls about Ramen infections, he said.

During the eight years or so since Linux was first developed, only around 50 malicious programs affecting the operating system have been discovered, and, until Ramen, none of them spread to damage users' systems. ®

Sponsored: 5 critical considerations for enterprise cloud backup