This is a forwarded message
From: Eko Sulistiono <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, January 18, 2001, 7:47:55 AM
Subject: [AntiVirusClub] RED HAT LINUX RAMEN WORM FOUND IN THE WILD
===8<==============Original message text===============
RED HAT LINUX RAMEN WORM FOUND IN THE WILD
Today a worm found its way into Internet webservers running Red Hat
Linux versions 6.2 or 7.0. The worm installs root kits and modifies the
website's index.html files (homepages) with the imaginative slogan
"RameN Crew-Hackers looooooooooooove noodles."
Called the Ramen worm, the crack is cobbled together using software
tools that are publicly available on the net.
Network administrators who have installed Red Hat's security updates
won't be affected by the Ramen worm. The patches have been posted on Red
Hat's sites since October.
The worm targets Red Hat 6.2 systems running an exploitable RPC.statd
service or a vulnerable wu-FTP, and Red Hat 7.0 systems running a
vulnerable LPRng.
The worm does not appear to do any significant damage. It spreads by
using synscan to scan the Internet for servers and then uses two common
exploits to gain access. Once in, it establishes a minimal HTTP/0.9
server on port 27374 -- a common Windows Trojan port -- to transmit copies
of itself. Interestingly, it then closes the security hole through
which it entered the system.
--
Eko Sulistiono
MIKRODATA Magazine
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml
This message contains no viruses. Guaranteed by AVP
ftp://ftp.mikrodata.co.id/avirus_&_security/AntiViral_Toolkit_Pro/avp30.zip
===8<===========End of original message text===========
--
Best regards,
S mailto:[EMAIL PROTECTED]
--------------------------------------------------------------------------
To unsubscribe, send an email to [EMAIL PROTECTED]
Get the mailing list FAQ by sending an empty email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
The list administrators can be contacted via [EMAIL PROTECTED]
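
Added example, not part of the forwarded message: a host triage check for the two traces the message names, a listener on TCP port 27374 and index.html pages carrying the "RameN Crew" slogan. The function names and the sample /proc/net/tcp rows are constructed for illustration.

```python
"""Triage a Linux host for the two Ramen traces named in the message."""
from pathlib import Path

RAMEN_PORT = 27374      # port number given in the message
SLOGAN = "RameN Crew"   # start of the defacement slogan quoted in the message
TCP_LISTEN = "0A"       # LISTEN state code used in /proc/net/tcp

def listening_ports(proc_net_tcp_text):
    """Return the local IPv4 TCP ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:   # first row is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                                  # short row or not listening
        port_hex = fields[1].rpartition(":")[2]       # local_address is ADDR:PORT in hex
        try:
            ports.add(int(port_hex, 16))
        except ValueError:
            continue                                  # malformed row, skip it
    return ports

def defaced_pages(web_root):
    """Return index.html files under web_root whose text contains the slogan."""
    hits = []
    for page in Path(web_root).rglob("index.html"):
        try:
            if SLOGAN in page.read_text(errors="replace"):
                hits.append(page)
        except OSError:
            continue                                  # unreadable file, skip it
    return sorted(hits)

def triage(proc_net_tcp_text, web_root):
    """Combine both checks into one result for a host."""
    return {"port_27374_listening": RAMEN_PORT in listening_ports(proc_net_tcp_text),
            "defaced_pages": defaced_pages(web_root)}

# Constructed sample: row 1 listens on 27374 (hex 6AEE); row 2 is an established
# connection to a remote port 27374, which must not count as a local listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:6AEE 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1377
   2: 0A000005:0016 0A000009:6AEE 01 00000000:00000000 00:00000000 00000000     0        0 1410
"""

if __name__ == "__main__":
    import sys
    live = Path("/proc/net/tcp")
    text = live.read_text() if live.exists() else SAMPLE_PROC_NET_TCP
    print(triage(text, sys.argv[1] if len(sys.argv) > 1 else "."))
```

Because the message says the worm installs root kits, a clean result gathered on the live host is not proof of a clean system; run the same checks against a mounted disk image or from trusted media where possible.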