
Google unwittingly helping Santy worm spread

Bulletin board users may find sites defaced

A new worm that uses the Google search engine to locate victims has been unearthed. Its existence first came to light at the beginning of the week.

The worm, known as Santy.A, takes advantage of a critical software vulnerability in the free phpBB open source software widely used to create and maintain online bulletin boards. It appears the worm may use a vulnerability in the PHP scripting language that was recently patched, according to Alexey Zernov of antivirus company Kaspersky Labs.

Individual users aren’t at risk. Instead, it targets computer servers that host online bulletin boards and defaces their sites. Santy uses Google to find web addresses that use a special string, viewtopic.php, common to bulletin boards using the phpBB software.

PhpBB and other common software packages are written using PHP.

Once Santy infects servers running the phpBB software, it scans directories on the infected site and overwrites files with the extensions HTM, PHP, ASP, SHTM, JSP and PHTM with the text ‘This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation’.

The worm also launches a search on the Google search engine for URLs (uniform resource locators) that use a special string, viewtopic.php, which is common to bulletin boards written using the phpBB software, F-Secure spokesman Mikko Hyppönen said.

The worm’s reliance on Google could be its downfall, however. If the search engine company can block the search text used by Santy.A, it would stop the worm from spreading, Hyppönen said.

Santy.A is not believed to deposit Trojan horse programs or other malicious code on the systems it infects. However, Hyppönen believes it could act as a road map for malicious hackers who are looking for vulnerable computers to exploit.

Both F-Secure and Kaspersky Labs have posted updated antivirus definitions that can spot the Santy.A worm and advise customers to update their antivirus software as soon as possible.
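For administrators triaging a phpBB host, the overwrite behaviour described above can be checked for directly. The following is an added example, not code from the article or from either antivirus vendor: it walks a web root and reports files with the listed extensions that contain the defacement text. The function name, the exact-extension match and the 4 KB read window are assumptions made for illustration.

```python
import os
import sys

# Extensions and defacement text as reported in the article.
# Assumption: extensions are matched exactly and case-insensitively.
TARGET_EXTS = {".htm", ".php", ".asp", ".shtm", ".jsp", ".phtm"}
DEFACED = b"This site is defaced!!!"
GENERATION = b"NeverEverNoSanity WebWorm generation"


def scan_webroot(root, head_bytes=4096):
    """Return sorted (relative_path, confidence) pairs for files that look overwritten.

    "high"   = the worm's generation banner is present
    "medium" = only the generic defacement sentence is present
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                # Overwritten files are short, so the first few KB are enough.
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            rel = os.path.relpath(path, root)
            if GENERATION in head:
                hits.append((rel, "high"))
            elif DEFACED in head:
                hits.append((rel, "medium"))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python scan_santy.py /path/to/webroot
    for rel, confidence in scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{confidence}\t{rel}")
```

Any hit means the file's original content is gone and has to be restored from backup; the scan only locates damage and does not address the phpBB vulnerability the worm used to get in.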

