Ramen Has Broken Free!

24 Jan 2001
Virus News

The world's first Linux Internet-worm has been reported "in-the-wild"

Cambridge, UK, January 25, 2001 - Kaspersky Lab, an international data-security software-development company, warns users about the real threat posed by the Ramen Internet-worm. According to recent reports, the worm has already caused several incidents of Web sites in different parts of the world being defaced; therefore, Ramen has become the first malicious code for Linux that has been detected "in-the-wild."

Harking back to when Ramen was originally discovered in the middle of January 2001, we recall that it has the ability to spread via the Internet and penetrates systems running Red Hat Linux versions 6.2 and 7.0. In order to gain access to a computer, the worm exploits three known security breaches in these particular operating systems. These breaches allow Ramen to take over the root access rights and unbeknownst to the user execute its code on the target systems.

During the past several days, Kaspersky Lab has received confirmation of Ramen penetrating into several corporate networks. Among them are the National Aeronautics and Space Administration (NASA), Texas A&M University, and Taiwan-based computer hardware manufacturer Supermicro. These organizations' Web sites have been attacked by a worm causing the Web sites' title pages to appear as follows:

INDEX.HTML

"The discovery of the Ramen worm 'in-the-wild' is a very significant moment in computer history. Previously considered as an absolutely secured operating system, Linux now has become yet another victim to computer malware," said Denis Zenkin, Head of Corporate Communications for Kaspersky Lab. During the past 8 years since Linux was first developed, there have been discovered about 50 malicious programs for this operating system, but none of them had yet to be sighted "in-the-wild."

It is important to emphasize that the aforementioned security breaches were discovered more than half a year ago. Right after this, Red Hat Linux developers immediately released corresponding security patches eliminating the problem. "The fact that Ramen penetrated into several respected organizations, including NASA, shows that even the most professional network engineers don't pay enough attention to timely installation of security patches in order to protect their systems. This worries us most, as neglecting basic enterprise security rules can stimulate hackers to develop malicious code for Linux," adds Denis Zenkin.

Kaspersky Lab recommends users immediately install all the available security patches for the Linux operating system regardless of the Linux distribution you currently use. You can download the patches and read what Red Hat officials have said about the Ramen worm at the following address: http://www.redhat.com/support/alerts/ramen_worm.html.

More detailed technical information about the Ramen Internet-worm can be found in Kaspersky Virus Encyclopedia at www.viruslist.com.

Kaspersky Anti-Virus, including a version for Linux, can be purchased in Kaspersky Lab online store or from your nearest Kaspersky Anti-Virus distributor.