"The worm is dangerous in that it is an automated tool that exploits widely known vulnerabilities," said Honeynet's Spitzner. "Since it is automated, it can quickly scan for and exploit vulnerable systems at an exponential rate (that makes) the most dangerous element of this worm bandwidth consumption."Yet again we see a worm or virus taking advantage of machines that haven't been secured properly. One would have thought a server's default installationd would be secure, but with an unpatched Red Hat this isn't the case.
Spitzner also said the worm could have been far more dangerous. "It leaves very easy-to-identify signatures on the compromised system, making it very simple to find. It appears to do little damage to the system itself, only replacing a Web page and creating a small Web instance for self-replication."
"It's a lack of awareness," said Lance Spitzner, coordinator for the Honeynet Project, a group of well-known security experts who study how hackers attack servers. "Not enough people are taking measures to secure the default installations.I'm not sure if the feeling at the pit of my stomach is due to another demonstration of how insecure the net can be... or if thinking about Ramen is just making me hunrgy. In either case, thanx to DiMaestro for ringing the bell on this one.
"Most default installations are insecure," he stressed.