Slashdot Mirror

← Back to Stories (view on slashdot.org)

Net Worm Uses Google to Spread

Posted by michael on from the web-service-takes-on-new-meaning dept.

troop23 writes "A web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday. Almost 40,000 sites may have already been infected. In an odd twist if you use Microsoft's Search engine to scan for the phrase 'NeverEverNoSanity'-- part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits." Reader pmf sent in a few more information links: F-Secure weblog and Bugtraq posting. Update: 12/22 03:34 GMT by T : ZephyrXero links to this news.com article that says Google is now squashing requests generated by the worm.

6 of 309 comments (clear)

  1. Re:Latest Version of phpBB Unaffected by MightyMartian · · Score: 2, Insightful

    > It looks like the latest phpBB version 2.0.11 or a simple patch will thwart
    > the worm, though. Time to upgrade if you haven't yet!

    That's alright. All the lazy admins will blame Google and everything will be okay!

    This, I suspect, is going to be a new way of infecting web-based apps. Just do a search for the vulnerable software on Google, Yahoo or whatever, pop in, do your damage and be on your way.

    Of course, it will get much worse if its some sort of E-commerce software or something like that and these worms happily start stealing credit card transactions.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  2. Re:Latest Version of phpBB Unaffected by topynate · · Score: 4, Insightful
    Given that probably 90% of script kiddies find targets with Google, it could only be a matter of time before someone automated the process.

    Maybe it's a theme - the worms of tomorrow will do what the script kiddies of today do.

  3. Dshield disagrees by JustinXB · · Score: 3, Insightful
    See here
    Note: we earlier reported that it takes advantage of a php vulnerability. This does not seem to be the case.
    Who are you going to believe: Some news site or a security community?
  4. Ehhh.. Tape drive perhaps?? by scsirob · · Score: 2, Insightful

    This is the main issue with harddisks as backup. They don't provide security against these kind of attacks as they are just as vulnerable as any other disk attached to the system.

    A tape drive for backups may seem like a 'thing from the past', but it's *very* effective in these instances...

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
    1. Re:Ehhh.. Tape drive perhaps?? by Anonymous Coward · · Score: 1, Insightful
      I guess you never had a hard drive stop working then. Lucky you. I've seen mechanical failures, electronic failures, interface failures, bent pins, people putting their fingers on sensitive electronic parts, static electricity zaping electronics, etc.


      Yes tapes can break, otherwise I've not seen nearly the same sorts of problems as with hard drives.


      Ok, not a tape lover then how about backup to cd-rw or DVD. But for goodness sake get the backup onto a medium that you take out of the computer and that you can put a copy offsite.

  5. I got hit by Ghoser777 · · Score: 2, Insightful

    My poor linux box - I felt so secure and then this little worm gets out. Thank god I had some recent backups, otherwise this would have really sucked. I guess it's alright though - you have to get rooted one time before you really understand how vulnerable the internet makes all of us.

    --
    James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."