In case this helps anyone:
>>>>> Thus spake "Ionel Chila"
There is a quick perl script that can detect
the ramen worm. I also have the source code for
the worm if anyone interested.
Regards
#!/bin/perl
# Script that checks for signs of ramen infection
#
$detected = 0;
print "Ramen worm checker.\nChecking...\n";
open(F,"/etc/redhat-release") ;
print "You are running ",<F>,"\n";;
close(F);
@suspect = ("/usr/src/.poop", "/usr/src/.poop/ramen.tgz",
"/tmp/ramen.tgz");
foreach (@suspect)
if(-e) {
print "found $_\n";
$detected++;
}
}
open(N, "/bin/netstat -an|") or print "Could not open /bin/netstat\n";
while(<N>) {
if (/:27374.*LISTEN/) {
print "Ramen webserver detected on port 27374\n";
$detected++;
last;
}
}
close(N);
if ($detected) {
print "$detected telltale signs of ramen found. Get professional
help\n";
} else {
print "Wheee! No ramen signs found!\n";
}
Rusty Carruth Email: [EMAIL PROTECTED] or [EMAIL PROTECTED]
Voice: (480) 345-3621 SnailMail: Schlumberger ATE
FAX: (480) 345-8793 7855 S. River Parkway, Suite 116
Ham: N7IKQ @ 146.82+,pl 162.2 Tempe, AZ 85284-1825
ICBM: 33 20' 44"N 111 53' 47"W
