Net Worm Uses Google to Spread

Net Worm Uses Google to Spread 309

Posted by michael on Tuesday December 21, 2004 @06:15PM from the web-service-takes-on-new-meaning dept.

troop23 writes "A web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday. Almost 40,000 sites may have already been infected. In an odd twist if you use Microsoft's Search engine to scan for the phrase 'NeverEverNoSanity'-- part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits." Reader pmf sent in a few more information links: F-Secure weblog and Bugtraq posting. Update: 12/22 03:34 GMT by T : ZephyrXero links to this news.com article that says Google is now squashing requests generated by the worm.

Net Worm Uses Google to Spread

This discussion has been archived. No new comments can be posted.

Search 309 Comments Log In/Create an Account

Comments Filter:

Quick! (Score:5, Funny)

by Anonymous Coward writes: on Tuesday December 21, 2004 @06:16PM (#11153152)

Someone figure out a way to blame this on Microsoft!

Poor /. (Score:5, Funny)

by roman_mir ( 125474 ) writes: on Tuesday December 21, 2004 @06:17PM (#11153157) Homepage Journal

I think this virus/worm hit /., when I clicked on the link to this article, all I saw was: "Nothing for you to see here. Please move along."

If the virus goes senile... (Score:4, Funny)

by StevenHenderson ( 806391 ) writes: <stevehenderson.gmail@com> on Tuesday December 21, 2004 @06:18PM (#11153172)

it can always use Google Suggest to find victims. :)

And in a complete upset (Score:5, Funny)

by Marxist Hacker 42 ( 638312 ) * writes: <seebert42@gmail.com> on Tuesday December 21, 2004 @06:18PM (#11153178) Homepage Journal

Microsoft search beats Google at indexing pages hacked by this virus! MS Search turns up 39000 pages, google turns up zero on the same nonsense keyword!

Infect Slashdot (Score:5, Funny)

by somethinghollow ( 530478 ) writes: on Tuesday December 21, 2004 @06:18PM (#11153179) Homepage Journal

When it infects sites running SlashCode, it pretends to be a legitament post (so it can get the defacement tag "NeverEverNoSanity" on the front page, then monitors for posting, and tries to get first post, too.

Re:Under the Google radar (Score:1, Funny)

by ad0gg ( 594412 ) writes: on Tuesday December 21, 2004 @06:24PM (#11153261)

Google takes a while to get information into the index usually a couple weeks(this doesn't apply to news sites or other sites google deems to be updated constantly), MSN beta search usually lags about a day after a crawl. I won't even talk about how slow yahoo is(After first crawl and index).

Re:Latest Version of phpBB Unaffected (Score:3, Funny)

by Martin Blank ( 154261 ) writes: on Tuesday December 21, 2004 @06:33PM (#11153354) Homepage Journal

Good job. You do know that by Slashdotting the phpBB.com server, you're preventing people from patching, right? :)

This is kind of sad... (Score:3, Funny)

by The Hobo ( 783784 ) writes: on Tuesday December 21, 2004 @06:34PM (#11153364)

I had forgotten the MSN beta search engine, so I just googled it...

Re:Quick! (Score:4, Funny)

by ptr2004 ( 695756 ) writes: on Tuesday December 21, 2004 @06:36PM (#11153383)

In other news. A tele-marketer used a telephone directory to make calls

My Christmas gift! Noooooo! (Score:2, Funny)

by 286 ( 620933 ) writes: on Tuesday December 21, 2004 @06:37PM (#11153401)

So I get my present, in the mail, a little early.
A new HDTV card...
I go to download [pchdtv.com] the linux only drivers and...

NeverEverNoSanity!!!

Argh! &$@*#! Humbug.

Re:Infect Slashdot (Score:3, Funny)

by sconeu ( 64226 ) writes: on Tuesday December 21, 2004 @06:40PM (#11153432) Homepage Journal

How is that different from most non-virus posts?

Re:Under the Google radar (Score:2, Funny)

by northcat ( 827059 ) writes: on Tuesday December 21, 2004 @06:50PM (#11153531) Journal

OMG! How is parent funny?!? Is this some bizzare experiment by slashdot mods?

NeverEverNoSanta (Score:1, Funny)

by Anonymous Coward writes: on Tuesday December 21, 2004 @06:58PM (#11153612)

"Once Santa infects a Web site, he searches Google for other sites running phpBB and then attempts to infect those sites as well."

Re:Everyone sets 'chmod 666' on their files nowada (Score:3, Funny)

by Just Some Guy ( 3352 ) writes: <kirk+slashdot@strauser.com> on Tuesday December 21, 2004 @07:31PM (#11153884) Homepage Journal

The worm didn't touch a single file not owned by user 'www' - just the few thousand files that were.

Re:Quick! (Score:5, Funny)

by AmberBlackCat ( 829689 ) writes: on Tuesday December 21, 2004 @09:18PM (#11154761)

Someone figure out a way to blame this on Microsoft!

The PHP guys will probably blame it on Apache 2.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Net Worm Uses Google to Spread 309

Net Worm Uses Google to Spread More Login

Net Worm Uses Google to Spread

Quick! (Score:5, Funny)

Poor /. (Score:5, Funny)

If the virus goes senile... (Score:4, Funny)

And in a complete upset (Score:5, Funny)

Infect Slashdot (Score:5, Funny)

Re:Under the Google radar (Score:1, Funny)

Re:Latest Version of phpBB Unaffected (Score:3, Funny)

This is kind of sad... (Score:3, Funny)

Re:Quick! (Score:4, Funny)

My Christmas gift! Noooooo! (Score:2, Funny)

Re:Infect Slashdot (Score:3, Funny)

Re:Under the Google radar (Score:2, Funny)

NeverEverNoSanta (Score:1, Funny)

Re:Everyone sets 'chmod 666' on their files nowada (Score:3, Funny)

Re:Quick! (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot