The Santy Worm, Heads Up To All Phpbb Forums!!!
Search engine's actions should halt the worm's spread, antivirus vendors say.
Paul Roberts, IDG News Service Wednesday, December 22, 2004
Web search engine company Google is blocking efforts by a new Internet worm to use its search engine to find vulnerable computers on the Internet, the company announced this week.
Google is blocking searches launched by Santy.A, a new Internet worm that targets servers running phpBB, a popular electronic bulletin board software package, according to a statement from the company. Without any native ability to scan for vulnerable computers, Google's action halted Santy.A's spread, according to antivirus companies.
Santy.A targets servers running phpBB. Antivirus companies first detected the worm Tuesday, though it may have been spreading silently well before that, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.
The worm used a vulnerability in phpBB, an open source software product that is managed by the phpBB Group, to spread across the Internet, infecting computer servers that host online bulletin boards and defacing those sites with the words "This site is defaced!!! NeverEverNoSanity WebWorm."
A phpBB component called viewtopic.php allows malicious commands to be passed to and executed on servers that run a vulnerable version of the phpBB software. Secunia, a Copenhagen-based security company, first reported the vulnerability on November 19. An updated version of phpBB software that fixes the flaw was released on November 18.