Santy Virus Used Google To Hack phpBB Forums
There is a new internet worm which is defacing web bulletin boards across the world, and its using Google as its springboard to identify such victims. The Perl/Santy-A worm (also known as Santy) exploits a vulnerability in a piece of software often used to provide discussion forums and bulletin boards on the web, phpBB. The worm uses the Google search engine to try and find vulnerable bulletin boards on the web. According to some reports, Google has started blocking the worm’s attempts to replicate.
How will Google commence such blocking? Will sites using phpBB forums find themselves missing from the latest Google Index? Hopefully not. The Santy worm, which is written in Perl, spreads to vulnerable phpBB bulletin boards on both Windows-based and Unix-based platforms. Once the worm has spread to three or more servers it will attempt to overwrite all HTM*, PHP*, ASP*, SHTM*, JSP* and PHTM* files with a web page containing the following message:
This site is defaced!!!
NeverEverNoSanity WebWorm generation #
where # is a number which increases by one on each iteration of the worm.
“The good news is that this worm only affects web servers, not users who visit any of these bulletin boards,” said Graham Cluley, senior technology consultant for Sophos, an anti-virus security firm. “There have been serious security vulnerabilities found in the phpBB software in the past – and this incident underlines the importance of all people keeping up-to-date with the latest security patches and fixes.”
Webmasters who run the phpBB software are advised to upgrade to the most recent version of the software at the earliest possible opportunity.
“With millions of websites around the world running the phpBB software it is essential that the message gets out to its users that they must take security seriously – and keep up-to-date with information about the latest discovered exploits,” continued Cluley.
How much of a security problem does this pose for Google?
CNet reports ” By the time Google put defenses in place, as many as 40,000 sites had been defaced by the worm, according to search statistics from Microsoft’s search engine, a competitor to Google’s service. By late Tuesday, Google had set up filters to weed out the worm’s queries and prevent its spread. The company did not address why it took as long as it did to respond to antivirus makers’ requests.
The worm attack spotlights the dark side of Google’s success: The search giant has become a target, and tool, for hackers. With the release of its desktop search software and its e-mail service, Gmail, the company has an increasing number of applications and services that have to be checked for security. Google has quickly found that the seeming legions of security hobbyists and professionals are perfectly willing to find and publicize flaws, whether the company approves or not.”