Hi all,

What I know about this:

Technically Ramen is a worm (not necessarily a virus as such, except in the sense that it is self-replicating). It uses standard buffer overflow routines (code freely available from www.attrition.org, www.securityfocus.com, www.insecure.org) to attack known weaknesses. So effectively it is merely an amalgamation and automation of existing hacking code, with a little port scanning & network detection (OS fingerprinting by TCP/IP is pretty simple, and very accurate) thrown in for good measure. I understand it also attacks BIND (port 53), which is often the first line of attack anyway.

There will be a script available soon to automate removal of RAMEN (http://www.securityfocus.com/tools/1944), which is worth getting JIC.

Previous advice about getting the latest fixes is still the best. (There are a number of ways of automating this, but the first thing I recommend to anyone is to subscribe to bugtraq at securityfocus, and also LINUX Security Newsletter - same place.)

HTH

Regards,
Earl