Original URL: http://www.theregister.co.uk/2004/12/21/santy_worm/
Santy worm defaces thousands of sites
PHP exploit
Posted in Security, 21st December 2004 23:38 GMT
Watch Now : Virtual Machine Movement with Hyper-V
A worm which attacks web servers running the popular phpBB discussion forum software to deface vulnerable systems spread widely across the net today.
The Santy [1] worm searches for vulnerable forum sites using Google. When a suitable target is found, Santy uses a remote exploit to gain access and deface it before resuming its scanning activity. Content on defaced sites is replaced by the following text string.
"This site is defaced!!!" NeverEverNoSanity
Apart from defacing infected sites with this text, the worm has no payload. It will not infect PC used to view infected sites. F-Secure, the Finnish anti-virus firmm estimates there more than one million sites use the vulnerable phpBB software, of which tens of thousands have already been defaced. Users of phpBB are advised to update to version 2.0.11. ®
Related stories
Bofra exploit tied to 'massive botnet' [2]
Son of Code Red is born [3]
IIS worm made to packet Whitehouse.gov [4]
Nokia prefers Python to Perl for smartphone scripting [5]
Your Perl and PHP problems solved [6]
Links
- http://www.kaspersky.com/news?id=156681162
- http://www.theregister.co.uk/2004/11/22/apache_hijack_serves_iframe_exploit/
- http://www.theregister.co.uk/2001/08/06/son_of_code_red/
- http://www.theregister.co.uk/2001/07/19/iis_worm_made_to_packet/
- http://www.theregister.co.uk/2004/01/21/nokia_prefers_python_to_perl/
- http://www.theregister.co.uk/2004/04/07/perl_and_php_books/