The first
linux virus to be found in outside a laboratory.
Discovered "in the
wild" at the
Kaspersky Labs in
Moscow, on 25th January 2001, the
ramen virus (technically a "
worm") is an amalgamation of 3 separate
scripts, one which scans randomly selected
internet addresses for
victims, and then two which
exploit one of three widely known, but poorly patched vulnerabilities.
The affected machines all run Red Hat linux 6.2 or 7.0, with the wu-ftpd and rpc.statd holes being attacked in 6.2 and LPRng hole in 7.0. The worm is allegedly similar in structure to the infamous 1988 Morris Worm, but the author has had the intelligence to block servers it has infected from being reinfected, so they don't get slowed down.
The Ramen virus defaces web pages that are hosted on the server it infects with the message "Hackers looooooooooooove noodles," signed by the "RameN Crew" with a html img tag link to a picture of said noodles from the Nissen Foods website.
Information taken from:
http://www.securityfocus.com/
www.newscientist.com