[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sheflug] Re: Ramen Worm
Matt Fairtlough writes:
> Ulp:
>
> <Helium>/home/matt: cat public_html/index.html
> <html>
> <head><title>Ramen Crew</title></head>
> <body bgcolor=white text=black>
> <font face=arial>
> <center><font size=+3>RameN Crew</font><center><br>
> <br>
> <br>
> <center>Hackers looooooooooooooooove noodles.
>
>
> <br><br><br><br><br><br><br><br><br><br><br><br>
>
> <font size=-1><b>This site powered by<b><br>
> <img src="http://www.nissinfoods.com/tr_oriental.jpg">
> <body>
> </html>
>
> Maybe this is connected with the network and printing problems I have
had.
> Did I read that this worm makes security patches as well as replacing
> index.html??
> Or am I just fantasising? Anyway, is there a quick fix I can do to
block all
> but Web and email traffic to my machine? Clearly I need to take
urgent
> action.
As I was saying a while back - there is a reason to download those
errata :-)
IIRC Ramen will close up the security holes it attacks (LPrng, ftp and
NFS(?)) after it gets in.
I'm not sure what the solution is for getting rid of the worm - the
paranoid in me says formatting everything and installing from CD...
Check http://www.redhat.com/ there is a link to info on the worm
there.
Baz.
--
Barrie J. Bremner
TheEnglishman [at] ecosse.net | OpenPGP public key ID: 5164F553
http://www.geocities.com/thefatenglishman
[Contact information available at website]
"Linux? Is that some kind of MacOS?"
-- BT technical support
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.