Santy worm Googles to attack phpBB2 forums


A NEW internet worm has launched a Google-powered assault on web bulletin boards that use the popular phpBB forum software.

Dubbed “Perl.Santy.A”, or “Santy”, the worm attacks web servers rather than desktop PCs, a warning posted online by Finnish internet security company F-Secure said.

The worm uses Google to search randomly for new hosts, F-Secure said.

Once a server is infected, the worm begins to find and overwrite files with extensions including .htm, .php, .asp, .shtm, .jsp and .phtm.

The files are replaced with the text: “This site is defaced. NeverEverNoSanity Webworm generation n”, where n represented the generation of the worm infecting the host

“There have been serious vulnerabilities found in the phpBB software in the past and this incident underlines the importance of all people keeping up to date with the latest security patches and fixes,” anti-virus firm Sophos senior technology consultant Graham Cluley said.

The release of the worm was probably timed to coincide with Christmas, he said. “Can it really be coincidence that a worm which attacks bulletin boards is released just as many companies and organisation that run such message boards are shutting down for Christmas?” Mr Cluley said.

The worm’s impact could be increased by the fact that many webmasters would be on holidays, he said.

gorilla notes:
To fix an all ready infected or deface phpBB2 forum you will need to download the latest vesiorn of phpBB2 2.0.11 and upgrade to this newest version.