This worm propagated using a brute force technique, searching the Internet for other machines running Red Hat Linux and copying itself to them. Once it infected a machine, it patched that same vulnerability, installed a rootkit, and sent the system's identity to an e-mail address coded in the worm.
An unusual feature of this worm was its calling card that made infected systems easily identifiable: It replaced all files on the system named "index.html" with a modified version with the page title "Ramen Crew", containing the following text and image link:
- RameN Crew
- Hackers looooooooooooooooove noodles.
- This site powered by [image: http://www.nissinfoods.com/tr_oriental.jpg]
The referenced image is no longer available on the indicated server.
Retrieved from : http://en.wikipedia.org/w/index.php?title=Ramen_worm&oldid=416397991