Anti-Santy Worm Patches phpBB Flaw
sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.
- Sites that have been attacked by the anti-Santy worm are defaced with the words: "viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."
If I break into your house and clean your bathroom you could call me beneficial, but you might get a little upset if I used spray-paint to write "This house is a bit cleaner, but buy some Lysol" on your front door.In principle they seem good, but what about when a white worm installs a patch that interferes with legitimate operation of the system? It is perfectly possible a vulnerability was left alone by the operator because the patch would have rendered the system unusable and that security measures external to the vulnerable system render the vulnerability moot.
Of course, such machines aren't the ones likely to intersect common worm spread vectors...
Trouble making decisions? Just flip for it.
What I see is a company saying we are first to report but we wont say anything that can be good for our "enemy". There is nothing difficult about testing its efficiency but it is not in their interest.
I am not saying this worm is good, but that if they wanted to verify it would be easy.