No, not the 5th food group, but rather a nasty worm cooked up to attack Red Hat Linux servers. According to this article over at ZDNet, Ramen is turning some heads. While the worm only targets machines running Red Hat 6.2 and 7.0, it’s capable of clogging regions of the internet with searches for unsecured machines. It won’t kill the server, but it’s a nasty way to find out the box has security holes.
“The worm is dangerous in that it is an automated tool that exploits widely known vulnerabilities,” said Honeynet’s Spitzner. “Since it is automated, it can quickly scan for and exploit vulnerable systems at an exponential rate (that makes) the most dangerous element of this worm bandwidth consumption.”
Spitzner also said the worm could have been far more dangerous. “It leaves very easy-to-identify signatures on the compromised system, making it very simple to find. It appears to do little damage to the system itself, only replacing a Web page and creating a small Web instance for self-replication.”
Yet again we see a worm or virus taking advantage of machines that haven’t been secured properly. One would have thought a server’s default installationd would be secure, but with an unpatched Red Hat this isn’t the case.
“It’s a lack of awareness,” said Lance Spitzner, coordinator for the Honeynet Project, a group of well-known security experts who study how hackers attack servers. “Not enough people are taking measures to secure the default installations.
“Most default installations are insecure,” he stressed.
I’m not sure if the feeling at the pit of my stomach is due to another demonstration of how insecure the net can be… or if thinking about Ramen is just making me hunrgy. In either case, thanx to DiMaestro for ringing the bell on this one.