First Successful Linux Virus Reported

Kaspersky Lab, the Russian anti-virus specialist, has warned about a
new Internet worm that attacks Linux-based computers.

The worm, which executes under Red Hat Linux, is called Ramen, and
represents a surprise for what had been considered to be one of the
most protected platforms available today.

Kaspersky said that Ramen, which affects Red Hat Linux 6.2- or
7.0-based systems, exploits three security breaches, in "in.ftpd",
"rpc.statd" and "LPRng", which were detected and closed between
June and September 2000.

All of these breaches, the firm said, are from the "buffer overflow"
category and allow a malicious person to send executable code to a
remote system and run it without the user's permission.

The Moscow-based company said that the way the worm works is rather
sophisticated.

Firstly, a target computer receives data that overflows the system's
internal buffer, so that the worm code gains root privileges and
starts the command processor that executes the worm's instructions.

At this stage, Ramen creates the "/usr/src/.poop" folder, launches
the Lynx Internet browser and downloads the worm's archive
"RAMEN.TGZ" from a remote computer.

After this, Ramen opens the archive and executes its main file
"START.SH". The worm has no additional payload except for changing
the content of "INDEX.HTML" files found on the system.

When the affected HTML files are opened, they display the message "RameN
Crew - Hackers loooooo00000000000ve noodles."
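
The traces described above (the "/usr/src/.poop" folder, the worm's archive and start script, and rewritten "INDEX.HTML" files) can be checked for on a mounted disk image. The following is an added example, not code from Kaspersky or the original article; the function names, the constructed sample tree and the case-insensitive file-name match are assumptions.

```python
import os
import tempfile

POOP_DIR = os.path.join("usr", "src", ".poop")  # working folder named in the article
WORM_FILES = {"ramen.tgz", "start.sh"}           # archive and main script (matched case-insensitively)
DEFACE_MARKER = b"RameN Crew"                    # opening words of the defacement message


def scan_for_ramen(root):
    """Return a sorted list of (kind, path) findings under the mounted image `root`."""
    findings = []
    poop = os.path.join(root, POOP_DIR)
    if os.path.isdir(poop):
        findings.append(("worm_dir", poop))
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in WORM_FILES:
                findings.append(("worm_file", path))
            elif lower == "index.html":
                try:
                    with open(path, "rb") as fh:
                        if DEFACE_MARKER in fh.read(65536):
                            findings.append(("defaced_page", path))
                except OSError:
                    continue  # unreadable file: skip it, keep scanning
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample image: worm folder, one defaced page, one clean page."""
    files = {
        "usr/src/.poop/ramen.tgz": b"constructed placeholder, not a real archive",
        "home/httpd/html/index.html": b"<html>RameN Crew - Hackers ... noodles.</html>",
        "home/alice/public_html/index.html": b"<html>clean page</html>",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path in scan_for_ramen(tmp):
            print(kind, os.path.relpath(path, tmp))
```

A clean result only shows that these particular traces are absent; it says nothing about whether the three services have been patched.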

Denis Zenkin, Kaspersky's head of corporate communications, said that
it's important to emphasize that the breaches exploited by Ramen are
also found on other Linux variants, including Caldera OpenLinux,
Conectiva Linux, Debian Linux, HP-UX and Slackware Linux.

"This particular worm is triggered to activate only on systems
running Red Hat Linux," he said, adding that other Linux variants
could be affected by future versions of the worm.

"We therefore recommend users to immediately install patches for
these breaches regardless of the Linux distribution they use," he said,
adding that there have been no reports of the virus "in the wild."

Kaspersky is at http://kaspersky.com.

© 1998-2024 BetaNews, Inc. All Rights Reserved.