Ramen worm
The Ramen worm, also referred to (albeit incorrectly) as the "Ramen virus", was a worm that spread in January 2001, targeting systems running versions 6.2 and 7.0 of the Red Hat Linux distribution.
This worm propagated using a brute force technique, searching the Internet for other machines running RedHat and copying itself to them. Once it infected a machine, it patched that same vulnerability, installed a rootkit, and sent the system's identity to an e-mail address coded in the worm.
An unusual feature of this worm was its calling card that made infected systems easily identifiable: It replaced all files on the system named "index.html" with a modified version with the page title "Ramen Crew", containing the following text and image link:
- RameN Crew
- Hackers looooooooooooooooove noodles.
- This site powered by [image: http://www.nissinfoods.com/tr_oriental.jpg]
The referenced image is no longer available on the indicated server.
See also
- Linux malware