[Sheflug] Re: Ramen Worm
On Wed, Feb 07, 2001 at 01:22:33PM +0000, Barrie Bremner wrote:
> Matt Fairtlough writes:
> > Ulp:
> >
> > <Helium>/home/matt: cat public_html/index.html
> > <html>
> > <head><title>Ramen Crew</title></head>
> > <body bgcolor=white text=black>
> > <font face=arial>
> > <center><font size=+3>RameN Crew</font><center><br>
> > <br>
> > <br>
> > <center>Hackers looooooooooooooooove noodles.
> >
> >
> > <br><br><br><br><br><br><br><br><br><br><br><br>
> >
> > <font size=-1><b>This site powered by<b><br>
> > <img src="http://www.nissinfoods.com/tr_oriental.jpg">
> > <body>
> > </html>
> >
> > Maybe this is connected with the network and printing problems I have had.
> > Did I read that this worm makes security patches as well as replacing
> > index.html??
> > Or am I just fantasising? Anyway, is there a quick fix I can do to block all
> > but Web and email traffic to my machine? Clearly I need to take urgent
> > action.
>
> As I was saying a while back - there is a reason to download those
> errata :-)
>
> IIRC Ramen will close up the security holes it attacks (LPRng, ftp and
> NFS(?)) after it gets in.
>
> I'm not sure what the solution is for getting rid of the worm - the
> paranoid in me says formatting everything and installing from CD...
>
> Check http://www.redhat.com/ there is a link to info on the worm
> there.
>
There is no need to reinstall. Check pages like www.securityfocus.com and
www.securityportal.com.
I've seen mentions of a script that removes the Ramen Worm; it is not that
difficult to do.
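
A sweep for the defaced page quoted earlier in this thread, as an added example that is not part of the original messages: it looks for the two markers visible in that index.html (the title and the noodles slogan) in every index.html under the directories passed in. The function names and the directories to scan (for example /home and the web root) are assumptions.

```shell
#!/bin/sh
# Added example: find index.html files matching the Ramen defacement page
# quoted in the thread. Markers come from that page; paths are assumptions.

# ramen_markers FILE -> prints how many of the two markers FILE contains (0-2)
ramen_markers() {
    n=0
    # Marker 1: the <title> of the defaced page, in any letter case
    grep -qiE '<title>[[:space:]]*ramen crew[[:space:]]*</title>' "$1" && n=$((n + 1))
    # Marker 2: the slogan, tolerating any number of o's in "looove"
    grep -qiE 'hackers lo+ve noodles' "$1" && n=$((n + 1))
    echo "$n"
}

# scan_ramen_defacement DIR... -> prints "MARKERS PATH" for each hit.
# Exit status: 0 if at least one file matched, 1 if none did.
scan_ramen_defacement() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Collect paths in a temp file so the loop runs in this shell
        # (a "find | while" pipeline would lose the value of $found).
        list=$(mktemp) || return 2
        find "$dir" -type f -name 'index.html' > "$list"
        while IFS= read -r f; do
            m=$(ramen_markers "$f")
            if [ "$m" -gt 0 ]; then
                echo "$m $f"
                found=0
            fi
        done < "$list"
        rm -f "$list"
    done
    return "$found"
}

# Run as a script: pass the directories to sweep as arguments.
if [ "$#" -gt 0 ]; then
    scan_ramen_defacement "$@"
fi
```

A hit with both markers means the page was overwritten; it says nothing about what else on the host was changed.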
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.