Looks to be an automated self-propagating script. Uses lpr or wuftp vulnerabilities to get in, closes the holes, installs a rootkit and then tries to find a new site to hit. So unlike a Windows worm that just needs an idiot user to propagate it, this one requires that the admin didn't close those two holes by either upgrading the daemons or, as I do, shutting them off/uninstalling the unnecessary rpms.

> this bears reading folks....
>
> looks like the cyberpunks are at it again. :(
>
> http://www.theregister.co.uk/content/6/16168.html
>
> I always knew there was a connection between worms and ramen noodles.