I.T. Vibe
Latest Business Communications Gaming General Security Technology Virus  
   Member Services
Login
Register
   General Services
Contact Us
Merchandise
Toolbar
RSS Feeds
Other Formats
   Site Search
 
Advanced Search
   News Alerts
Enter your email address to receive news alerts
 
View Privacy Policy
Unsubscribe
   Information
Latest Virus Alerts
Internet Threat Level
Internet Traffic Report
   Opinion Poll
Macs - Love Them or Hate Them? Place your votes now.
Love 'em
Hate 'em
Indifferent
Reader Comments: 0
View All Polls
Santy worm attacks thousands of phpBB boards
Tuesday, December 21, 2004 at 22:18 by Rich Kavanagh
Anti-virus experts at Sophos have advised that a new Internet worm is defacing web bulletin boards across the globe.

The Santy worm exploits a vulnerability in a piece of software often used to provide discussion forums and bulletin boards on the web, phpBB. The worm uses the Google search engine to try and find vulnerable bulletin boards on the web, and replaces files on the bulletin board with a message which contains the following text:

This site is defaced!!!
NeverEverNoSanity WebWorm generation X

where X increases by one on each iteration of the worm.

Graham Cluley, Senior Technology Consultant for Sophos said,

"The good news is that this worm only affects web servers, not users who visit any of these bulletin boards. There have been serious security vulnerabilities found in the phpBB software in the past - and this incident underlines the importance of all people keeping up-to-date with the latest security patches and fixes."

With the Santy worm released today, Sophos experts are theorising that it is possible the worm's distribution has been deliberately timed to coincide with the holiday season.

"Can it really be coincidence that a worm which attacks web bulletin boards is released just as many companies and organisations who run such message boards are shutting down for Christmas?", continued Cluley. "Many webmasters will be going home early for the holidays - and its likely this worm will have a greater impact simply because the people who need to be at their desks to fix the problem, are relaxing in front of the fire."

Webmasters and server operators who run the phpBB software have been advised to upgrade to the most recent version of the software as soon as possible to ensure their security.

More information about the Santy worm will be published later today, check back for updates soon.

UPDATE: Santy worm details released

UPDATE: See some of the 1,450+ sites already attacked
 
Contact Rich Kavanagh, the author of this article View a printer friendly version of this article Email this article to a friend RSS Feeds
Comment # 1 on 21 December 2004 at 23:09 by Anonymous
For lots of technical details about Santy, check the internet storm center at http://isc.sans.org
Comment # 2 on 21 December 2004 at 23:17 by Anonymous
Some people have way too much time on thier hands to come up with this BS
Comment # 3 on 22 December 2004 at 07:00 by Rich
You can see all the sites that have already been attacked by doing a Google search for [url="http://www.google.com/search?q=This+site+is+defaced+NeverEverNoSanity"]NeverEverNoSanity[/url]
Your Verification Number:

Please enter your Verification Number:

Recent Articles In Virus:
New alert over Eee Box desktop PCs
Microsoft and criminals could determine the future of the anti virus market
Experts crack Arhiveus virus Password
Top ten viruses reported in May 2006
Researchers find Symantec antivirus software has flaw
 
Other Recent Articles:
Fwd4.Me provide a handy new URL shortening service
Is Nokia set to release a Nokia branded laptop?
Is the world of Internet blogging out of control?
EU authorities step into Phorm row
New developments in the field of cancer detection
 

 © 2009 I.T. Vibe - All Rights Reserved - All Trademarks Recognised - Privacy Policy - Terms & Conditions