Slashdot Mirror


Anti-Santy Worm Patches phpBB Flaw

sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.

3 of 245 comments

  1. Security update? by jacobcaz · Score: 5, Insightful
    Is this really a "security update" as much as it's fiddling a bit with some PHP code? And this "beneficial" worm still defaces the site too:
    • Sites that have been attacked by the anti-Santy worm are defaced with the words: "viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."
    If I break into your house and clean your bathroom you could call me beneficial, but you might get a little upset if I used spray-paint to write "This house is a bit cleaner, but buy some Lysol" on your front door.
  2. Re:White Worms by aborchers · Score: 5, Insightful

    In principle they seem good, but what about when a white worm installs a patch that interferes with legitimate operation of the system? It is perfectly possible a vulnerability was left alone by the operator because the patch would have rendered the system unusable and that security measures external to the vulnerable system render the vulnerability moot.

    Of course, such machines aren't the ones likely to intersect common worm spread vectors...

    --
    Trouble making decisions? Just flip for it.
  3. Re:Not very beneficial by smartdreamer · Score: 5, Insightful
    If you are waiting for an Anti-Virus company to say "this virus is good and effective" you will wait a long time.

    What I see is a company saying we are first to report but we won't say anything that can be good for our "enemy". There is nothing difficult about testing its efficiency but it is not in their interest.

    I am not saying this worm is good, but that if they wanted to verify it would be easy.