Santy worm is coming to town
Wednesday, December 22 2004
by Deirdre McArdle
A worm using Google to identify websites that use a vulnerable type of bulletin board software has spread quickly, infecting up to 40,000 sites.
The worm, dubbed Santy, exploits a vulnerability in third-party web servers that use phpBB bulletin board software, a popular package used to create web forums, and has been propagating at a rapid pace, infecting some 38,000 sites in a matter of hours.
This latest worm is quite unique, according to Kaspersky Lab. Santy creates a Google search request, which provides it with a list of sites running vulnerable versions of phpBB. It then sends these sites a request containing a procedure that triggers the vulnerability. Once the attacked server processes the request, Santy wriggles into the site and gains control.
Infected bulletin boards will feature a text message saying "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation".
Security experts have said that the worm will not attack home users, but they may see its effects if they access the contaminated bulletin boards.
Google has proven to be a good hunting ground for worm authors who have used it to harvest e-mail addresses. Earlier in 2004 the MyDoom virus used Google in this way, pumping so many search queries into Google that the search engine was disabled for large periods of time.
Google has responded to pressure from antivirus firms to stop the spread of the worm. The search giant has told Kaspersky Lab that it has begun to filter requests made by Santy in a bid to halt the worm's spread.
Kaspersky Lab has advised all users of phpBB to upgrade to version 2.0.11 in order to prevent their sites from being defaced by the Santy worm.