Business

Marketing

Search Engine Optimisation

E-commerce

Security

Webhosting

Web development & design

Webmastering

Community Forums:

Business Discussion
General Marketing
Internet Marketing
Search Engine Optimisation
Google SEO
E-commerce
Web Hosting & Domains
Web design
Online Security

Web Resources:

Area: Marketing Resources

Marketing mistakes

How to destroy your business in five easy steps.

Area: SEO Resources

SEO Reporting

SEO never stops - even after the reports.

Area: Webmaster Resources

Link Exchange

Guidelines to link exchanging.

Area: Internet Forum:

Jeteye Jetbot

Information on the Jeteye Jetbot.

Area: News blog:

Marketing blog

Marketing news and commentary.

Area: Business Directory:

UK Internet

UK Internet Directory listings in the business directory.

Area: Business Directory:

Web design Directory

Web design Directory listings in the business directory.

Website Advertising

UK Internet Marketing Services

Looking for a new memory card?

Digital Telephones: special reductions

Jobs Directory

Internet News & Resources

Advertise on Platinax

Free Advertising
Dental Insurance

wierdddddddddddd Google

UK housing markets

Tax relief on rent/mortgage

How to improve page ranking?

Second holiday website

SEO and AdWords API

Online Card Processing

how do I charge VAT to Spanish, English, Italians, if my company is in UK?

Reciprocal linking

Lost PR of 3 because of changes, then I got PR 4 !!!

Search cost and psychic cost

Dynamic Site Feeds:

News:

Forums:

Blogs:

Brian's Blog:

Cyber-routes:

Peter Hale:

Platinax Internet >> Platinax Internet News

Platinax Internet News

Internet and business news for the UK online

« Dollar continues record fall against Euro | Main | Internet wins Christmas shoppers, but high street sales fail Boxing Day »

December 28, 2004

PHPBB worms multiply

Variants of the Santy worm, which as reported in Santy: Automated attack on phpbb forums, have begun to surface, continuing a worrying trend of worms that automatically query search engines for suitable targets.

Although the original Santy Worm was an application written in PHP, a major new variant written in Perl has emerged. Security firms are showing marked differences with classifying the resulting variants, with Symantec now designating the line with the suffix Perl.phpinclude, while Kaspersky renamed Santy.d and Santy.e as Spyki.a and b., citing significant differences in the worms' structure from earlier Santies.

According to Google worm targets AOL, Yahoo

"Perl.Santy.B is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11," warned Symantec in a Dec. 26 bulletin. "It uses AOL or Yahoo search to find potential new infection targets."
AOL, which uses Google for its underlying search technology, said it was looking into the problem and was uncertain whether Google blocks already in place would prevent misuse of AOL's search site. Yahoo, which dumped Google's search technology in February, could not be reached immediately for comment.

Several other variants are cropping up. Santy.c targets Google once again.

The Brazilian Google has also apparently been specifically targeted for the worms for seeking out targets.

Harry Fuecks at Sitepoint has also written an informative article on the issue of how the variants actually operate, and clearing up a few apparent misconceptions that exploits in PHP itself were being used to drive them: PHP Worms: Santy / Perl.PhpInclude - ModSecurity.

Posted by brian_turner at December 28, 2004 03:55 PM

| Discuss this in the Business, Marketing & Search forums

Trackback Pings

TrackBack URL for this entry:
http://www.platinax.co.uk/cgi-bin/mt/mt-tb.cgi/221

March 2005
S	M	T	W	T	F	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Platinax Internet News

December 28, 2004

PHPBB worms multiply

Trackback Pings

Search

News Archives:

Monthly Archives

Recent Entries