Google unwittingly helping Santy worm spread

Bulletin board users may find sites defaced

A new worm that uses the Google search engine to locate victims has been unearthed. Its existence first came to light at the beginning of the week.

The worm, known as Santy.A, takes advantage of a critical software vulnerability in the free phpBB open source software widely used to create and maintain online bulletin boards. It appears the worm may use a vulnerability in the PHP scripting language that was recently patched, according to Alexey Zernov of antivirus company Kaspersky Labs.

Individual users aren’t at risk. Instead, the worm targets computer servers that host online bulletin boards and defaces their sites. Santy uses Google to find web addresses that use a special string, viewtopic.php, common to bulletin boards using the phpBB software.

phpBB and other common software packages are written using PHP.

Once Santy infects servers running the phpBB software, it scans directories on the infected site and overwrites files with the extensions HTM, PHP, ASP, SHTM, JSP and PHTM with the text ‘This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation’.

The worm also launches a search on the Google search engine for URLs (uniform resource locators) that use a special string, viewtopic.php, which is common to bulletin boards written using the phpBB software, F-Secure spokesman Mikko Hyppönen said.

The worm’s reliance on Google could be its downfall, however. If the search engine company can block the search text used by Santy.A, it would stop the worm from spreading, Hyppönen said.

Santy.A is not believed to deposit Trojan horse programs or other malicious code on the systems it infects. However, Hyppönen believes it could act as a road map for malicious hackers who are looking for vulnerable computers to exploit.

Both F-Secure and Kaspersky Labs have posted updated antivirus definitions that can spot the Santy.A worm and advise customers to update their antivirus software as soon as possible.
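For administrators checking a web root for the defacement described above, the following is an added example (not code from the article or from either antivirus vendor) that walks a directory tree and reports files with the listed extensions that contain the worm's marker text. The function names and the sample tree are constructed for illustration, and treating longer extensions such as .html or .shtml as matches is an assumption.

```python
import os
import tempfile

# Marker text and extension list as quoted in the article.
MARKER = b"NeverEverNoSanity WebWorm generation"
EXTENSIONS = ("htm", "php", "asp", "shtm", "jsp", "phtm")


def is_candidate(filename):
    """True if the extension starts with a listed one.
    Assumption: .html, .shtml, .phtml etc. are treated as matches too."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return bool(ext) and ext.startswith(EXTENSIONS)


def find_defaced(webroot, max_bytes=64 * 1024):
    """Return sorted paths (relative to webroot) of files holding the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not is_candidate(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)  # overwritten files are short
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            if MARKER in head:
                hits.append(os.path.relpath(path, webroot))
    return sorted(hits)


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    defaced = b"This site is defaced!!! This site is defaced!!! " + MARKER
    samples = {
        "index.html": defaced,                       # overwritten page
        os.path.join("forum", "viewtopic.php"): defaced,
        os.path.join("forum", "config.php"): b"<?php $dbhost = 'x'; ?>",
        "notes.txt": defaced,                        # extension not targeted
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return find_defaced(root)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Files it reports should be restored from a known-good backup once the phpBB installation has been updated.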
