Before I head off to bed, I just want to give a very quick update on the “Anti-Santy” worm I have discussed previously in a post, as well as a follow-up. We now have a name to this worm - Asan - and information that its spread seems to be slowing from already limited levels. The good folks at F-Secure have more information in this weblog entry.
In addition, F-Secure reports Spyski.D, a new variant of the Spyski family (McAfee posts generic information for earlier versions here), which scans for 50 common phpBB vulnerabilities and coding mistakes to infect systems. There is little word on how much this worm, referred to as Spyki.D by F-Secure, is spreading, but I'd bet that checking for 50 phpBB vulnerabilities is going to put a lot of strain on already overloaded servers.
Of course, anyone who has not already upgraded should do so at the phpBB web site. And if you think that your install might have sloppy security, unless it is critical to keep PHP functions up, it might be worth going offline and patching up the holes - being infected is a lot worse. Then again, if it is critical, it would probably be wise to take a long, hard look at why those holes are there in the first place.
Remember, just not being on search engines isn't good enough. It isn't just worms that can use these vulnerabilities.
Posted
Jan 02 2005, 03:39 AM
by
trafton