Anti-Santy Worm Patches phpBB Flaw

← Back to Stories (view on slashdot.org)

Anti-Santy Worm Patches phpBB Flaw

Posted by michael on Friday December 31, 2004 @04:25AM from the whether-you-like-it-or-not dept.

sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.

11 of 245 comments (clear)

Min score:

Reason:

Sort:

Not very benificial by lightdarkness · 2004-12-31 04:26 · Score: 5, Informative

Is reporting that they don't know if the worm actually patches it sucessfully. For all we know, it could be infecting the System. When searching, only 3 results came up.
1. Re:Not very benificial by smartdreamer · 2004-12-31 06:09 · Score: 5, Insightful
  
  If you are waiting for a Anti-Virus company to say "this virus is good and effective" you will wait a long time.
  What I see is a company saying we are first to report but we wont say anything that can be good for our "enemy". There is nothing difficult about testing its efficiency but it is not in their interest.
  I am not saying this worm is good, but that if they wanted to verify it would be easy.
Aren't... by Anonymous Coward · 2004-12-31 04:27 · Score: 5, Funny

worms that remove/kill the MS OS is the same as a security patch?
I can imagine explaining this... by Chemisor · 2004-12-31 04:28 · Score: 5, Funny

"You see Mom, there are Good worms and there are Bad worms"
If the anti-Santy worm... by shigelojoe · 2004-12-31 04:30 · Score: 5, Funny

...and the Santy worm come in contact, would it cause the server to asplode in a brilliant flash of light?
Security update? by jacobcaz · 2004-12-31 04:32 · Score: 5, Insightful
Is this really a "security update" as much as it's fiddling a bit with some PHP code? And this "beneficial" worm still defaces the site too:
- Sites that have been attacked by the anti-Santy worm are defaced with the words: "viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."
If I break into your house and clean your bathroom you could call me beneficial, but you might get a little upset if I used spray-paint to write "This house is a bit cleaner, but buy some Lysol" on your front door.
Re:White Worms by aborchers · 2004-12-31 04:34 · Score: 5, Insightful

In principle they seem good, but what about when a white worm installs a patch that interferes with legitimate operation of the system? It is perfectly possible a vulnerability was left alone by the operator because the patch would have rendered the system unusable and that security measures external to the vulnerable system render the vulnerability moot.

Of course, such machines aren't the ones likely to intersect common worm spread vectors...

--
Trouble making decisions? Just flip for it.
Anti-IE worm... by Vague+but+True · 2004-12-31 04:36 · Score: 5, Interesting

How long before someone makes an "Anti-IE" worm that automaticaly installs FF on everyone's computers.

--
I'm not a doctor, but I play one in bed.
No such thing as a white worm by genessy · 2004-12-31 04:37 · Score: 5, Interesting

Even if the worm patched the site without defacing it yet again, it's still going to bog down networks by replicating. Perhaps a better alternative would be to send a simple e-mail to vulnerable sites and allow them to make the decision to patch or upgrade to the newest version.
Re:Well, in that case... by ErichTheWebGuy · 2004-12-31 04:37 · Score: 5, Funny

...give me your IP and I will login and make sure everything is in order.

Sure, and thanks! I appreciate it. My ip is 127.0.0.1. Let me know if you find anything worth patching!

--
bash: rtfm: command not found
Re:Well, in that case... by Anonymous Coward · 2004-12-31 04:40 · Score: 5, Funny

Oh my God! I've never seen so much child and bestiality porn! You sicken me.