Santy worm uses Google to infect phpBB forums

Posted on Wednesday, December 22 2004 @ 3:04 CET by Thomas De Maesschalck
A new worm has been detected that uses Google to find vulnerable phpBB forums. The worm - named Net-Worm.Perl.Santy.a - queries Google to find sites using outdated versions of the phpBB forum software which can be exploited.
"This is a little hint of what's coming in 2005," cautions Timothy Keanini, chief technology officer for nCircle Network Security Inc., a network security company. "All the technology that makes us more efficient makes the bad guys more efficient, too."

Santy.a asks Google to return a list of sites using older versions of the phpBB software. It then connects to those sites and exploits a vulnerability to access the server running the bulletin-board software. The worm then overwrites .htm, .php, .asp, .shtm, .jsp, and .phtm files with text that reads, "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation." Keanini notes that hackers have been gathering this sort of intelligence by doing manual searches for some time now. This worm, he says, may be one of the first that automates this process.
phpBB boards running version 2.0.11 aren't vulnerable but older versions are. This fix was released mid-November.

Read more at Information Week


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments



Use Disqus to post new comments, the old comments are listed below.


Re: Santy worm uses Google to infect phpBB forums
by Anonymous on Saturday, December 25 2004 @ 11:31 CET
I found a forum that has this problem, here a screenshot: http://www.lifelesspeople.net/userfiles/bart416/screenvirus.JPG