"This is a little hint of what's coming in 2005," cautions Timothy Keanini, chief technology officer for nCircle Network Security Inc., a network security company. "All the technology that makes us more efficient makes the bad guys more efficient, too."
phpBB boards running version 2.0.11 aren't vulnerable, but older versions are. This fix was released mid-November.
Santy.a asks Google to return a list of sites using older versions of the phpBB software. It then connects to those sites and exploits a vulnerability to access the server running the bulletin-board software. The worm then overwrites .htm, .php, .asp, .shtm, .jsp, and .phtm files with text that reads, "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation." Keanini notes that hackers have been gathering this sort of intelligence by doing manual searches for some time now. This worm, he says, may be one of the first that automates this process.
Read more at Information Week