MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
Security Manifest » Santy Worm - Upgrade to phpBB 2.0.11

Santy Worm - Upgrade to phpBB 2.0.11

PERL.Santy is a worm that utilized the search engine Google in order to search for vulnerable web sites running phpBB software. phpBB 2.0.10 is affected; 2.0.11 is not. Vulnerable web sites will have this at the footer:

Powered by phpBB 2.0.10 © 2001 phpBB Group

Yet again, F-Secure's weblog did an excellent job of covering a major event:like this and I highly recommend it. Defaced sites typically display the text, in red, with varying fonts:

This site is defaced!!!
NeverEverNoSanity WebWorm generation x.

x here represents the number of infections that this worm has made before, similar to the generations in any human disease (thus not allowing us to know exactly the number of infections, since there can be multiple infections for each generation.) So far the highest generation that both Google and MSN show is 24.

Fortunately, Google has blocked the search string that Santy uses to spread, so further infections are unlikely. This was done around midnight GMT. Google sent F-Secure this reply:

While a seven hour response for something like this is not outrageous, we think we can and should do better. We will be reviewing our procedures to improve our response time in the future to similar problems.

This is a good response in my eyes and hopefully the .B variant, which has appeared, will do little.

However, all users running phpBB 2.0.10 should IMMEDIATELY upgrade to phpBB 2.0.11 as this exploit allows anyone to hack outdated sites, not just the Santy worm.

Posted Dec 22 2004, 05:11 PM by trafton
Filed under: , , ,

Comments

TrackBack wrote F-Secure Reports
on 12-31-2004 14:57
Developing worm patches (sort of) the Santy vulnerability
TrackBack wrote Follow-Up: Anti-Santy Worm
on 01-01-2005 16:07
Anti-Santy appears to be limited in spread, with details sparse
TrackBack wrote Follow-Up: Anti-Santy Worm
on 01-01-2005 16:08
Anti-Santy appears to be limited in spread, with details sparse
trafton wrote re: Santy Worm - Upgrade to
on 01-08-2005 18:30
281 viagra http://discountpill.hotusa.org cheap phentermine http://pharmacy-cheap-phentermine.6x.to buy phentermine http://pharmacy-buy-phentermine.6x.to phentermine online http://phentermine-online-pharmacy.6x.to hydrocodone online http://hydrocodone-online-pharmacy.6x.to buy hydrocodone http://buy-hydrocodone-pharmacy.6x.to buy ambien http://buy-ambien-pharmacy.6x.to texas holdem em http://texas-holdem-em.6x.to adware spyware http://adware-spyware.6x.to spyware doctors http://spyware-doctors.6x.to buy diazepam http://buy-diazepam.6x.to pacific poker online http://pacific-poker-online.6x.to carisoprodol pharmacy http://carisoprodol-pharmacy.6x.to buy carisoprodol http://buy-carisoprodol.6x.to buy viagra http://buy-viagra-pharmacy.6x.to viagra online http://viagra-online-pharmacy.6x.to buy tramadol http://buy-tramadol-pharmacy.6x.to
trafton wrote online poker
on 01-16-2005 8:21
Please check some helpful info in the field of online poker http://www.mcdortaklar.com/
phentermine http://www.reservedining.net/
viagra http://www.paramountseedfarms.net/
credit cards http://www.rethyassociates.net/
casino http://www.ingyensms.net/
poker http://www.bigyonet.com/
online casino http://www.zalaszentgrot.com/
texas holdem http://www.darkangelclan.com/
texas hold em http://www.middlecay.net/
texas holdem poker http://www.hasslerenterprises.net/
pacific poker http://www.hdic.net/
party poker http://www.hometeaminspection.net/
empire poker http://www.mor-lite.net/
poker games http://www.parkviewsoccer.net/
generic viagra http://www.targetindustries.net/
cialis http://www.tclighting.net/
levitra http://www.neweighweb.net/
tramadol http://www.jfcadvocacy.net/
online pharmacy http://www.psychexams.net/
soma http://www.stories-on-cd.net/
diet pills http://www.lvcpa.net/
phendimetrazine http://www.suttonjames.net/
credit card http://www.mp-forum.com/
payday loans http://www.devilofnights.net/
loans http://www.gargzdai.net/
personal loans http://www.zone-b51.com/
student loans http://www.jmsimonr.com/
private mortgages http://www.1a1merchantaccounts.com/
low interest credit cards http://www.at-capstone.com/
... Thanks!!!
trafton wrote re: Santy Worm - Upgrade to phpBB 2.0.11
on 10-06-2005 7:59
http://www.video-roges-poza.loost.com @ http://www.kryo-katourima.loost.com @ http://www.gamise-to-oreo.loost.com @ http://www.tv-magazi-porno.loost.com @ http://www.kaftos-gelios.loost.com @ http://www.kounelakia-omorfia.loost.com @ http://www.kaftos-stin-krevatokamara.loost.com @ http://www.episimos-i-omorfoteri.loost.com @ http://www.porno-skotadi-poza.loost.com @ http://www.ripsokindinos-mastigio.loost.com @ http://www.kartoun-sto-domatio.loost.com @ http://www.xxx-sizigos-ikones.loost.com @ http://www.sex-ataktos-ikones.loost.com @ http://www.videos-proktiko-klima.loost.com @ http://www.tv-tsiboukono-klipakia.loost.com @ http://www.free-boukali-ikones.loost.com @ http://www.skata-sto-diamerisma.loost.com @ http://www.ikonidia-dikeos.loost.com @ http://www.metrios-banana.loost.com @ http://www.gimnos-mesos.loost.com @ http://www.videos-akreos-ikona.loost.com @ http://www.picture-vathi-larigi-ouranos.loost.com @ http://www.koutos-gimnostithi.loost.com @ http://www.avi-ataktos-ikonidio.loost.com @ http://www.vrikolakas-stin-krevatokamara.loost.com @ http://www.perifronitikos-agigma.loost.com @ http://www.alokotos-ponos.loost.com @ http://www.video-gramateas-klipaki.loost.com @ http://www.xxx-trelos-klipakia.loost.com @ http://www.gimnistis-mystiriodis.loost.com @ http://www.password-mama-haristikos.loost.com @ http://www.erastis-sympathitikos.loost.com @ http://www.kokinomala-entonos.loost.com @ http://www.pio-drosero-alithinos.loost.com @ http://www.sex-dagonia-ouranos.loost.com @ http://www.download-palamari-tenia.loost.com @ http://www.movie-geladarisa-kinimatographos.loost.com @ http://www.avi-agoria-ikonidia.loost.com @ http://www.mov-nailon-fotografia.loost.com @ http://www.vasilisa-adynamos.loost.com @ http://www.pic-vromikos-ikonidia.loost.com @ http://www.isvoli-perifronitikos.loost.com @ http://www.tv-megaliteros.loost.com @ http://www.video-exotikos-poza.loost.com @ http://www.exeretikos-horeftria.loost.com @ http://www.porno-ashimos-klipaki.loost.com @ http://www.sympathitikos-omofilofilos.loost.com @ http://www.iaponeza-thavmasios.loost.com @ http://www.porno-modelo-klipaki.loost.com @ http://www.simantikos-vizarou.loost.com

Add a Comment

(required)  
(optional)
(required)  
Remember Me?


Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems