Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anti-Santy Worm Patches phpBB Flaw

Posted by michael on from the whether-you-like-it-or-not dept.

sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.

6 of 245 comments (clear)

  1. Not very benificial by lightdarkness · · Score: 5, Informative

    Is reporting that they don't know if the worm actually patches it sucessfully. For all we know, it could be infecting the System. When searching, only 3 results came up.

  2. Re:White Knight Viruses/Worms? by lachlan76 · · Score: 2, Informative

    No, there was another one, the Nachi virus.

    IIRC, this caused as much damage as a normal worm. It crashed systems, destroyed windows installations, etc. etc.

  3. Nice thought but... by Tajas · · Score: 2, Informative

    This was a nice thought of sorts on the writers hands and is a good wake-up call to make people upgrade their outdated sites. I did a simple google search and found 2 sites that were hit by this anti-santy worm. I wonder what the admins of these sites are going to tell the people they work for?

    Below are 2 sites that as of this posting have:
    viewtopic.php secured by Anti-Santy-Worm V4

    Your site is a bit safer, but upgrade to >= 2.0.11 !!
    Upgrsrv:201.255.84.219/

    http://www.ifotografi.it/secure.php/

    http://www.forum.moto-portal.pl/secure.php/

  4. The Code by RobertTaylor · · Score: 4, Informative

    Full code of asw.txt here....

    This is the code of the worm extracted from a vulnerable box.

    # asw: anti santy worm
    # this worm will try to fix any viewtopic.php on local box
    # will use this box for 1 day to search other buggy phpBB forums, and end.
    etc...

  5. Re:which brings up another question... by mobby_6kl · · Score: 2, Informative

    You can just download the BeOS setup file (about 45-50mb) and run it as any other program. The rather normal installation process follows, it creates some files on a (preferably) FAT partition, all you then need to do is double-click the BeOS icon and the computer will reboot into BeOS. Download is availible here.

  6. Re:Concealed ends? by nazarijo · · Score: 2, Informative
    yes, this has been thoroughly investigated. i've done several writeups and linked to papers and analysis on wormblog.

    i am wholeheartedly against "benevolent worms".