A Web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday.
The Santy worm uses a flaw in the widely used community forum software known as the PHP Bulletin Board (phpBB) to spread, according to updated analyses. The worm searches Google for sites using a vulnerable version of the software, antivirus firm Kaspersky said in a statement.
http://news.zdnet.com/2100-1009_22-5499725.html?tag=nl.e589
Net worm using Google/ phpBB to spread
- ZOtm_BigDOGGe
- Member
- Posts: 881
- Joined: Wed Nov 06, 2002 2:01 pm
- Location: Silicon Valley, California. USA
--> "Obstacles are those frightful things you see when you take your eyes off your goals." -- Henry Ford
Ever get the feeling we're all just sitting ducks?
<center><img src="http://mtm2.com/~forum/images/topic3191phpacrossgoogle.gif" width="470" height="334"></center>
Here's a clue.
...the worm deletes all HTML, PHP, active server pages (ASP), Java server pages (JSP), and secure HTML pages...
The affected machines are, in all likelihood, Windows operating systems. I certainly don't want to be complacent, but I've done everything possible to secure things.
- ZOtm_BigDOGGe
- Member
- Posts: 881
- Joined: Wed Nov 06, 2002 2:01 pm
- Location: Silicon Valley, California. USA
Well, if it quacks like a duck......
Web sites using a vulnerable version of phpBB should upgrade, the phpBB Project site advises.
Let's hope that "no upgrades available" message means you have the latest version, and are already protected.
I wish they'd put "mandatory death penalty for hackers and virus writers" in a ballot, because I'd vote for it....(not really, but that's how I feel sometimes).
..Maybe the updated versions have the holes?...just a thought...
...*sets up Norton cannons, used to blast viruses to pieces upon detection, firing an 88mm highly explosive, anti-personnel, nuclear, atomic, biochemical, corrosive, oxidizing, melting radioactive warhead and eliminates virus/worm instantly....In short: Norton, Spybot S&D and a firewall
* make sure to be careful guys!
<This space for rent>
<Same with this one>
5/4 people have problems with fractions
- NIR_Cr@$hC@rt
- Member
- Posts: 369
- Joined: Sat May 24, 2003 2:16 pm
- Location: UK
Is this the one that attacks sites and deletes the whole thing, before creating one page saying: This site is defaced! I believe it's the NeverEverNoSanity worm. I know of a few good sites that have been attacked by it.
On a kind of related note, is anyone having problems with BullsEye Network adware? It gets around Norton Security, including the new updates. I've tried quarantining and deleting it but the file just instantly re-appears. I hate adware. [:-|]
I thought of you guys here when I found out about this today.
Leave it to Ziff Davis to use a cheap grocery store tabloid headline ploy by calling it a "Net worm using Google to spread" though.
What a joke and way off the point.
It is a hacking tool to automate the defacing of PHP web sites and nothing else.
The tool just uses search engine results for a search of "Powered by PHPbb", it makes no difference what search engine, and it does not infect the search engine or even any sites it defaces and can't harm those that visit.
The hacker could just as easily deface any PHP site he finds.
Searching the net for something all of them contain just made for more targets is all.
ZDNet claiming "Net worm using Google to spread" was asinine.
"PHP Bulletin Boards being found by search engines and trashed" would have been a much better headline I would think, because the millions of people that use Google are simply not affected and 99% could care less.
Details here:
http://news.zdnet.com/2100-1009_22-5499 ... ag=nl.e589
----
But much more info here:
http://isc.sans.org/diary.php?date=2004-12-21
"The worm exploits the 'highlight' bug in phpBB 2.0.10 and
earlier. The current version of phpBB (2.0.11, released Nov.
18th) fixes this problem."
To update the progress of the community supported
distributions progress on releasing a PHP update, Red Hat
has released updated rpms for FC2 and FC3 at the same
time as their enterprise products (well done), The Fedora
Legacy continues discussion for earlier Red Hat releases but
still nothing for FC1 (which should be a simple 4.3.3 to
4.3.10 upgrade). Debian still not available.
----
PHP is mainly a Unix-type system script language.
Windows guys use VBScript (.asp) so few if any Windows servers will be affected.
Glad to see that this was not the cause of your problem here.
Live long and prosper MTM2.com ;-}
It's all how you look at things ©¿©¬
Just a follow up.
This is the fix for phpbb. Forward the link to anybody you know who uses phpbb.
http://www.phpbb.com/phpBB/viewtopic.php?t=240513
Also, the v4.3.10 php release has sql database issues and will cause some programs and scripts to fail. Most package builders are waiting on v4.3.11 before integrating it onto their programming.