Santy Worm Variants Spreading

As we reported last week, Google had been used by the "Santy.A" worm to infect websites using vulnerable versions of phpBB. Google has since disallowed such search attempts by the worm, by simply not listing vulnerable sites in their search results.

Variants are now attempting to exploit search engines offered by Yahoo and AOL, targeting sites running versions of phpBB prior to version 2.0.11. Some variants of the worm damage sites using poorly coded php instances of include() and require(). AOL claims that they are no longer contributing to the spread of the worm, and Yahoo has declined all requests for comment.

Santy deletes content from effected php-based sites, and replaces it with information found within the worm itself. Luckily this worm is not communicable to computers who visit effected sites. Sites using older versions of phpBB should update immediately, and some sites utilizing php may have to be rewritten all together.

View: Google's Response @ F-Secure Virus Lab Blog

Previous Story
Neowin Interview: David Gorman, Creator of ModBlog & DeskMod
Next Story
Kick Start 2005 With MSN Video