Tuesday, December 21, 2004

Santy.a infection on websites!

Today I received some reports about certain sites being defaced. Investigation has shown that a worm which utilizes a vulnerability in phpBB is responsible for this. Further analysis has shown that although older versions of phpBB are vulnerable, phpBB 2.0.11 is not. Therefore I strongly urge everyone to update to phpBB 2.0.11 to prevent infection by this worm.

Almost 40,000 sites may have already been infected. Using Microsoft's search engine to scan for the phrase "NeverEverNoSanity" (part of the defacement text that the Santy worm uses to replace files on infected web sites) returns nearly 39,000 hits.

This worm spreads on web servers running the phpBB 2.x application. Other systems are not affected. The worm uses Google to search for target systems to attack, by running a query for text present on web pages that are served by phpBB. A normal PC user cannot be infected by the worm by visiting an infected website.
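Because the worm replaces files with text containing "NeverEverNoSanity", an administrator can check a web root for that phrase locally. The following is an added example, not part of the original post; the function names and the sample tree are constructed for illustration, and only the marker phrase comes from the post.

```python
import os
import tempfile

MARKER = b"NeverEverNoSanity"  # defacement phrase quoted in the post

def file_has_marker(path, marker=MARKER, chunk_size=64 * 1024):
    """Stream the file; keep an overlap so a marker split across reads is found."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return False
            window = tail + chunk
            if marker in window:
                return True
            tail = window[-(len(marker) - 1):] if len(marker) > 1 else b""

def scan_webroot(root, marker=MARKER):
    """Return (files containing the marker, files that could not be read)."""
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            rel = os.path.relpath(full, root)
            try:
                if file_has_marker(full, marker):
                    hits.append(rel)
            except OSError:
                unreadable.append(rel)  # report it rather than treat it as clean
    return sorted(hits), sorted(unreadable)

def build_sample_webroot(root):
    """Constructed sample tree: one clean page, two pages carrying the marker."""
    os.makedirs(os.path.join(root, "forum"))
    samples = {
        "index.html": b"<html><body>Welcome</body></html>",
        "forum/index.php": b"<html>constructed sample NeverEverNoSanity</html>",
        "forum/big.htm": b"A" * 10 + MARKER + b"B" * 10,
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        print(scan_webroot(tmp))
```

A clean result only means the phrase is absent from the scanned files; a forum running a phpBB version older than 2.0.11 still needs the update.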