Slashdot Mirror


Anti-Santy Worm Patches phpBB Flaw

sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.

23 of 245 comments

  1. Not very beneficial by lightdarkness · · Score: 5, Informative

    Is reporting that they don't know if the worm actually patches it successfully. For all we know, it could be infecting the System. When searching, only 3 results came up.

    1. Re:Not very benificial by smartdreamer · · Score: 5, Insightful
      If you are waiting for an Anti-Virus company to say "this virus is good and effective" you will wait a long time.

      What I see is a company saying we are first to report but we won't say anything that can be good for our "enemy". There is nothing difficult about testing its efficiency but it is not in their interest.

      I am not saying this worm is good, but that if they wanted to verify it would be easy.

  2. Aren't... by Anonymous Coward · · Score: 5, Funny

    worms that remove/kill the MS OS is the same as a security patch?

  3. I can imagine explaining this... by Chemisor · · Score: 5, Funny

    "You see Mom, there are Good worms and there are Bad worms"

  4. Still illegal by Anonymous Coward · · Score: 4, Insightful

    The author of this worm still doesn't have permission to modify the source code running on people's servers. Yes, they may be idiots, but idiots still have rights (for the moment).

  5. If the anti-Santy worm... by shigelojoe · · Score: 5, Funny

    ...and the Santy worm come in contact, would it cause the server to asplode in a brilliant flash of light?

  6. Re:White Worms by Texodore · · Score: 4, Funny

    I have a white worm that updates my system. It pops with the name "Automatic Updates."

  7. Nice, but at what cost? by Novous · · Score: 4, Insightful

    The problem with a "good" virus is that because of an oversight, it may cause more damage. It could open up a new exploit, or subtly damage a part of the server.

  8. Re:White Worms by antifoidulus · · Score: 4, Insightful

    Till the worm installs a security patch that causes a bug that it takes someone hours upon hours of debugging to locate. People should be allowed to patch when they want. Patches aren't always 100% correct, and some can cause some major havoc. Let each person decide if/when the patch is needed...

  9. Security update? by jacobcaz · · Score: 5, Insightful
    Is this really a "security update" as much as it's fiddling a bit with some PHP code? And this "beneficial" worm still defaces the site too:
    • Sites that have been attacked by the anti-Santy worm are defaced with the words: "viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."
    If I break into your house and clean your bathroom you could call me beneficial, but you might get a little upset if I used spray-paint to write "This house is a bit cleaner, but buy some Lysol" on your front door.
    1. Re:Security update? by imsabbel · · Score: 4, Insightful

      No, it's more like, after finding your car unlocked and doors open, closing the door and putting a piece of paper on the dashboard to lock it the next time...

      --
      HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
  10. Re:White Worms by aborchers · · Score: 5, Insightful

    In principle they seem good, but what about when a white worm installs a patch that interferes with legitimate operation of the system? It is perfectly possible a vulnerability was left alone by the operator because the patch would have rendered the system unusable and that security measures external to the vulnerable system render the vulnerability moot.

    Of course, such machines aren't the ones likely to intersect common worm spread vectors...

    --
    Trouble making decisions? Just flip for it.
  11. Good Worms, Bad Worms by mohrt · · Score: 4, Funny

    Using a worm as a way to help instead of wreak havoc, this is an interesting idea. Why don't they carry this idea over to Spam and use it to send me things I'm actually interested in?

  12. Anti-IE worm... by Vague+but+True · · Score: 5, Interesting

    How long before someone makes an "Anti-IE" worm that automatically installs FF on everyone's computers.

    --

    I'm not a doctor, but I play one in bed.

  13. Re:White Worms by GoofyBoy · · Score: 4, Interesting

    From the article;

    "If a site is infected, the worm causes a huge amount of traffic and slows down the site. I don't think it's possible to write a beneficial worm."

    --
    The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
  14. No such thing as a white worm by genessy · · Score: 5, Interesting

    Even if the worm patched the site without defacing it yet again, it's still going to bog down networks by replicating. Perhaps a better alternative would be to send a simple e-mail to vulnerable sites and allow them to make the decision to patch or upgrade to the newest version.

  15. Re:Well, in that case... by ErichTheWebGuy · · Score: 5, Funny

    ...give me your IP and I will login and make sure everything is in order.

    Sure, and thanks! I appreciate it. My ip is 127.0.0.1. Let me know if you find anything worth patching!

    --
    bash: rtfm: command not found
  16. What? That doesn't exist! by Epistax · · Score: 4, Funny

    Driftwood: "It's alright, that's in every contract! That's what they call the 'Sanity Clause.'"
    Fiorello: "Ha-ha-ha-ha-ha. You can't fool me...there ain't no Sanity Clause."

  17. Re:Well, in that case... by Anonymous Coward · · Score: 5, Funny

    Oh my God! I've never seen so much child and bestiality porn! You sicken me.

  18. Survival of the fittest by melvo · · Score: 4, Interesting

    The "success" of viruses and worms so far has been characterised by their ability to reproduce. This bears some resemblance to their genetic counterparts.

    Perhaps the next phase will be a virus or worm that follows genetic theory. The genetic features that would have to be modelled would be:

    1) it is considered beneficial
    2) it can reproduce
    3) it can mutate

    The successful entities would then survive, and the unsuccessful mutations would die out. Survival of the fittest?

  19. which brings up another question... by zogger · · Score: 4, Interesting

    ... well, to me anyway because I just don't know. There are a lot of distros out there, including all the various "live" versions, and various ways to install. I am wondering, is there such a beast as a no brainer, one click to install Linux distro that works over the internet and would seamlessly replace a user's Windows install with a working and safe while downloading and installing Linux distro? I mean, a Windows user (or another Linux user, whatever) clicks on a webpage link and off she goes? With broadband now, it's common to download an ISO and burn it, I was just wondering if there was a distro that was designed from the ground up to eliminate that intermediary step. Say someone had finally just had it with Windows problems, just said to heck with it, just replace this whole mess with something else, etc. Click, download, install, as easy as a normal app? I know there are "network" installs, but those are usually targeted at corporations where a lot of PCs are on the LAN, etc, I mean one for joe raw beginner newbie home user surfer.

  20. The Code by RobertTaylor · · Score: 4, Informative

    Full code of asw.txt here....

    This is the code of the worm extracted from a vulnerable box.

    # asw: anti santy worm
    # this worm will try to fix any viewtopic.php on local box
    # will use this box for 1 day to search other buggy phpBB forums, and end.

    etc...

  21. Re:White Worms by Niet3sche · · Score: 4, Insightful
    I feel that white worms, when done correctly, are a good thing. This is a case where the ends justify the means, even if it does mean compromising vulnerable systems.

    I disagree.

    I very nearly wrote an anti-code-blue worm a few years back, and got to the point of payload (patch) deployment when the glaring flaw came to me: any time that you or a program that you made does something unexpected, or makes a connection to another machine, YOU are liable for what happens. Given that heterogeneous computers and networks exist, can you test for 100% of all possible cases? Likely not.

    It's not so much that I disagree with the sentiment, you see, but I find it impossible to ever run into the case that a white worm is done correctly and can be certified as such.

    In the example above, for instance, all that an attacker would have to do would be to infect a netblock with Code Blue, point them at my anti-blue worm launcher, and then watch the fun as I "cause" a DDOS with all the network traffic that will go spewing back and forth between the two sites. The attacker has now been able to affect the Availability of two sites in one go. Not exactly something that I'd like my name attached to, hence the reason that no anti-code-blue-worms have been released into the wild from me.