Net Worm Uses Google to Spread

Posted by michael on Tuesday December 21, 2004 @10:15AM from the web-service-takes-on-new-meaning dept.

troop23 writes "A web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday. Almost 40,000 sites may have already been infected. In an odd twist if you use Microsoft's Search engine to scan for the phrase 'NeverEverNoSanity'-- part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits." Reader pmf sent in a few more information links: F-Secure weblog and Bugtraq posting. Update: 12/22 03:34 GMT by T : ZephyrXero links to this news.com article that says Google is now squashing requests generated by the worm.

2 of 309 comments (clear)

Min score:

Reason:

Sort:

Re:Latest Version of phpBB Unaffected by topynate · 2004-12-21 10:29 · Score: 4, Insightful

Given that probably 90% of script kiddies find targets with Google, it could only be a matter of time before someone automated the process.
Maybe it's a theme - the worms of tomorrow will do what the script kiddies of today do.
Dshield disagrees by JustinXB · 2004-12-21 10:31 · Score: 3, Insightful

See here
Note: we earlier reported that it takes advantage of a php vulnerability. This does not seem to be the case.
Who are you going to believe: Some news site or a security community?