Slashdot Mirror

← Back to Stories (view on slashdot.org)

Net Worm Uses Google to Spread

Posted by michael on from the web-service-takes-on-new-meaning dept.

troop23 writes "A web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday. Almost 40,000 sites may have already been infected. In an odd twist if you use Microsoft's Search engine to scan for the phrase 'NeverEverNoSanity'-- part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits." Reader pmf sent in a few more information links: F-Secure weblog and Bugtraq posting. Update: 12/22 03:34 GMT by T : ZephyrXero links to this news.com article that says Google is now squashing requests generated by the worm.

15 of 309 comments (clear)

  1. Quick! by Anonymous Coward · · Score: 5, Funny

    Someone figure out a way to blame this on Microsoft!

    1. Re:Quick! by ptr2004 · · Score: 4, Funny

      In other news. A tele-marketer used a telephone directory to make calls

    2. Re:Quick! by AmberBlackCat · · Score: 5, Funny
      Someone figure out a way to blame this on Microsoft!

      The PHP guys will probably blame it on Apache 2.

  2. Poor /. by roman_mir · · Score: 5, Funny

    I think this virus/worm hit /., when I clicked on the link to this article, all I saw was: "Nothing for you to see here. Please move along."

    --
    You can't handle the truth.
  3. If the virus goes senile... by StevenHenderson · · Score: 3, Funny

    it can always use Google Suggest to find victims. :)

  4. And in a complete upset by Marxist+Hacker+42 · · Score: 4, Funny

    Microsoft search beats Google at indexing pages hacked by this virus! MS Search turns up 39000 pages, google turns up zero on the same nonsense keyword!

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  5. Infect Slashdot by somethinghollow · · Score: 5, Funny

    When it infects sites running SlashCode, it pretends to be a legitament post (so it can get the defacement tag "NeverEverNoSanity" on the front page, then monitors for posting, and tries to get first post, too.

    1. Re:Infect Slashdot by sconeu · · Score: 2, Funny

      How is that different from most non-virus posts?

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  6. Re:Under the Google radar by ad0gg · · Score: 1, Funny

    Google takes a while to get information into the index usually a couple weeks(this doesn't apply to news sites or other sites google deems to be updated constantly), MSN beta search usually lags about a day after a crawl. I won't even talk about how slow yahoo is(After first crawl and index).

    --

    Have you ever been to a turkish prison?

  7. Re:Latest Version of phpBB Unaffected by Martin+Blank · · Score: 2, Funny

    Good job. You do know that by Slashdotting the phpBB.com server, you're preventing people from patching, right? :)

    --
    You can never go home again... but I guess you can shop there.
  8. This is kind of sad... by The+Hobo · · Score: 2, Funny

    I had forgotten the MSN beta search engine, so I just googled it...

    --
    There is another kind of evil which we must fear most, and that is the indifference of good men. -- Boondock Saints
  9. My Christmas gift! Noooooo! by 286 · · Score: 2, Funny

    So I get my present, in the mail, a little early.
    A new HDTV card...
    I go to download the linux only drivers and...

    NeverEverNoSanity!!!

    Argh! &$@*#! Humbug.

  10. Re:Under the Google radar by northcat · · Score: 2, Funny

    OMG! How is parent funny?!? Is this some bizzare experiment by slashdot mods?

  11. NeverEverNoSanta by Anonymous Coward · · Score: 1, Funny

    "Once Santa infects a Web site, he searches Google for other sites running phpBB and then attempts to infect those sites as well."

  12. Re:Everyone sets 'chmod 666' on their files nowada by Just+Some+Guy · · Score: 2, Funny

    The worm didn't touch a single file not owned by user 'www' - just the few thousand files that were.

    --
    Dewey, what part of this looks like authorities should be involved?