[ALERT] Net-Worm.Perl.Santy.A threatens Internet forums

Discussion in 'Internet & WWW' started by ShekharPalash, Dec 21, 2004.

Thread Status:
Not open for further replies.
  1. ShekharPalash

    ShekharPalash Web Entrepreneur

    Kaspersky Lab, a leading developer of secure content management systems, has detected a new worm, Net-Worm.Perl.Santy.a. This worm infects certain web sites by exploiting a vulnerability in phpBB, a popular package used to create Internet forums. Santy.a is spreading rapidly, and has caused an epidemic. However, this does not directly affect end users - although the worm infects web sites, it does not infect computers used to view these sites.

    Santy.a is something of a novelty - it creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of phpBB. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, the worm will penetrate the site, gaining control over the resource. It then repeats this routine.

    Once the worm has gained control over a site, it will scan all directories on the infected site. All files with the extensions .htm, .php, .asp, .shtm, .jsp and .phtm will be overwritten with the text 'This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation'.

    Apart from defacing infected sites with this text, the worm has no payload. It will not infect machines which are used to view infected sites. Kaspersky Lab recommends that all users of phpBB should upgrade to version 2.0.11 to prevent their sites from being defaced.

    An urgent update to Kaspersky Anti-Virus databases has already been issued. Information about Santy.a can be found in the Kaspersky Virus Encyclopaedia.

    Source : Kaspersky Labs
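
A defender-side check for the defacement described in the post above, added here as an example (not from Kaspersky or from anyone in this thread): it walks a web root, looks only at the six extensions the alert lists, and separates files that were overwritten from longer pages that merely quote the text. The 2048-byte cut-off, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions and marker text exactly as listed in the alert above.
TARGET_EXTS = {".htm", ".php", ".asp", ".shtm", ".jsp", ".phtm"}
MARKER = b"NeverEverNoSanity WebWorm generation"
SMALL_FILE = 2048  # assumed cut-off: an overwritten file holds little besides the marker


def scan_webroot(webroot):
    """Map relative path -> 'overwritten' | 'mentions' | 'unreadable'."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):  # symlinked dirs are not followed
        for name in files:
            # Case-insensitive match so index.PHP is not missed.
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                findings[rel] = "unreadable"  # review by hand, do not assume clean
                continue
            if MARKER not in data:
                continue
            # A large page containing the text is more likely a news item or
            # forum post about the worm than a file the worm replaced.
            findings[rel] = "overwritten" if len(data) <= SMALL_FILE else "mentions"
    return findings


def demo():
    """Build a constructed sample web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "forum"))
        samples = {  # constructed sample files, not real site content
            "index.php": b"This site is defaced!!! " + MARKER,
            "forum/viewtopic.PHP": b"<html>This site is defaced!!! " + MARKER + b"</html>",
            "news.htm": b"<p>" + b"x" * 4000 + b" report on " + MARKER + b"</p>",
            "about.htm": b"<p>clean page</p>",
            "notes.txt": b"This site is defaced!!! " + MARKER,  # extension not targeted
        }
        for rel, body in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(body)
        return scan_webroot(root)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:12} {path}")
```

Files reported as overwritten need restoring from a backup taken before the infection, alongside the upgrade to phpBB 2.0.11 that the alert recommends.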
     
  2. cooljeba

    cooljeba The Photoshop Guy

    thanks for the info shekhar......

    i will update mine soon :D

    ..:: peace ::..
    Jeba
     
  3. Deep

    Deep Version 2.0

    yes.. i read about it yesterday on some site..

    and i must say there was a need for this worm..

    coz there are many many many webmasters who don't know about this exploit and they don't even care to check news or phpbb site for updates..

    so they will know how serious this exploit is once they are kicked hard lol

    Deep
     
  4. go4inet

    go4inet New Member

    well said Deep ! They should check the forum software's official site once in a week to check for updates to prevent the exploits !
     