Net Worm Uses Google to Spread

Posted by michael on Tuesday December 21, 2004 @10:15AM from the web-service-takes-on-new-meaning dept.

troop23 writes "A web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday. Almost 40,000 sites may have already been infected. In an odd twist if you use Microsoft's Search engine to scan for the phrase 'NeverEverNoSanity'-- part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits." Reader pmf sent in a few more information links: F-Secure weblog and Bugtraq posting. Update: 12/22 03:34 GMT by T : ZephyrXero links to this news.com article that says Google is now squashing requests generated by the worm.

3 of 309 comments (clear)

Min score:

Reason:

Sort:

Re:Under the Google radar by swordboy · 2004-12-21 10:18 · Score: 0, Offtopic

Still nothing on it, wonder how long it'll be before it shows up?

NeverEverNoSanity WebWorm generation 11

--

Life is the leading cause of death in America.
Re:Hammer Revolution by name773 · 2004-12-21 10:41 · Score: 0, Offtopic

indeed it has.
Distribution security updates to PHP? by errorlevel · 2004-12-21 10:48 · Score: 0, Offtopic

Does anybody know what distributions are affected by this vulnerability?

The last PHP update (which is where the vulnerability lies) for Debian Woody is from July 20th.

--

The Moo went "Cow!"