Linux worm hits NASA, others
- By Dan Caterinicchia
- Jan 25, 2001
Government, educational and commercial institutions worldwide, including
NASA and Texas A&M University, have been hit by the first public, malicious
code for the Linux operating system.
And perhaps even more alarming is the fact that security patches to prevent
the worm from spreading have been available for five months, according to
Kaspersky Lab, a data-security software-development company.
The Ramen Internet worm has caused several Web sites around the globe
to be defaced. These organizations' Web sites have been attacked by the
worm, which causes the sites' title pages to appear with:
- A "RameN Crew" headline across the top.
- The saying, "Hackers looooooooooooooooove noodles" in the middle.
- "This site powered by Top Ramen," with a logo for the product, across
the bottom.
Nissin Foods produces Ramen food products, including the popular Top
Ramen and Cup Noodles.
"At the moment only one machine was compromised by it," said Tom Putnam,
director of computing and information services at Texas A&M. The worm
exploits the FTP to get in, he said, adding that FTP capability is blocked
by the school's firewall on most of A&M's systems, including the infected one.
Putnam said the university has more than 26,000 IP locations and therefore
one machine being hit by the worm did not cause much alarm. "It was a departmental
Web server for one of our academic departments," he said. "We have a full-time
staff that does nothing but track people doing scans, trying to exploit
things or creating worms and viruses. This is very low-profile in the overall
scheme of things."
Repeated attempts to reach representatives at NASA and Nissin were unsuccessful.
The Ramen worm has the ability to spread via the Internet and penetrate
systems running Red Hat Linux versions 6.2 and 7.0. In order to gain access
to a computer, the worm exploits three known security vulnerabilities in the
operating systems. The vulnerabilities allow the Ramen worm to take over root
access rights and, unbeknownst to the user, execute its code on the target
systems. Red Hat discovered the security vulnerabilities last year and developers
released corresponding patches to eliminate the problem in September. The patches
can be downloaded at www.redhat.com/support/alerts/ramen_worm.html.
During the past several days, Kaspersky Lab received confirmation of
Ramen penetrating several networks, including those at NASA, Texas A&M
and a Taiwan-based computer hardware manufacturer.
The discovery of the Ramen worm "in the wild" is a significant moment in
computer history, said Denis Zenkin, head of corporate communications for
Kaspersky Lab.
Previously considered an absolutely secure operating system, Linux
has now become another victim of computer "malware," he said. During the
eight years since Linux was first developed, about 50 malicious programs
have been discovered for the operating system, but none had been sighted
"in the wild."
"The fact that Ramen penetrated into several respected organizations,
including NASA, shows that even the most professional network engineers
don't pay enough attention to timely installation of security patches in
order to protect their systems," Zenkin said in a release. "This worries
us most, as neglecting basic enterprise security rules can stimulate hackers
to develop malicious code for Linux."