Linux virus infection fears

If you see this you have been hit by the Redhat worm

By BBC News Online internet reporter Mark Ward

Virus writers are starting to target web computers running the Linux operating system.

This week, many web servers running some versions of Linux have been infected with a malicious program that uses the computers as a springboard to spread itself around the internet.

Although not destructive, the virus program is inconveniencing many webmasters as it hogs resources while searching for new servers to infect.

Experts have warned Linux users to expect growing numbers of attacks as the operating system grows in popularity.

Instant access

The webmasters who have had to deal with the problem are those running sites using Redhat Linux. Servers have been invaded by a worm that replaces the site's main page with one showing an image of a Ramen instant noodle packet. The picture is accompanied by the message, "Hackers looooooooooooove noodles".

Worms are a distinct class of viruses that can move around and replicate by themselves. Typically viruses only move to other machines with the help of the files they have infected.

The worm targets servers using version 6.2 and 7.0 of Redhat Linux. The program looks for well known loopholes in these versions and exploits them to copy itself on to the vulnerable machines.

Once resident, the worm installs another program that closes the loopholes it has exploited, replaces the main page of the site and then starts scanning the web for new vulnerable machines.

Although relatively benign, the virus is irritating because while searching for new victims it swamps a server's link to the net.

Closing the door

Lax security measures have been blamed for the rash of infections. The three loopholes that the Redhat worm exploits have been known about for months and patches for them have been available for almost as long. Redhat itself issued a patch in September last year.

Analysis of the worm by security experts has found that it has been created by sticking together existing programs.

Many of the worms and other viruses that have plagued PC users over the past couple of years have been made in this way by low-tech malicious hackers who have come to be known as "script kiddies".

Experts are warning webmasters using Linux, and any other operating system, to be vigilant and keep up with patches and security updates.

"As we see the operating system getting more popular, there will be an increased incentive for virus writers to attack it," said Graham Cluley from anti-virus firm Sophos. "There have been viruses for versions of Unix before but they have not typically been very successful."

Other versions of Linux possess the same vulnerabilities but this worm only targets Redhat installations.

"If there is an increase in targetted vulnerabilities, there is also an increase in good eyeballs looking at it and posting patches," said a spokeswoman for Redhat. "Because the code is open, there's no place for security breaches to hide."