Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Worms Security Businesses Google The Internet PHP Programming

Net Worm Uses Google to Spread 309

Posted by michael from the web-service-takes-on-new-meaning dept.
troop23 writes "A web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday. Almost 40,000 sites may have already been infected. In an odd twist if you use Microsoft's Search engine to scan for the phrase 'NeverEverNoSanity'-- part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits." Reader pmf sent in a few more information links: F-Secure weblog and Bugtraq posting. Update: 12/22 03:34 GMT by T : ZephyrXero links to this news.com article that says Google is now squashing requests generated by the worm.
This discussion has been archived. No new comments can be posted.

Net Worm Uses Google to Spread More

Net Worm Uses Google to Spread

Comments Filter:

  • Re:Latest Version of phpBB Unaffected (Score:2, Insightful)

    by MightyMartian ( 840721 ) on Tuesday December 21, 2004 @06:25PM (#11153264) Journal
    > It looks like the latest phpBB version 2.0.11 or a simple patch will thwart
    > the worm, though. Time to upgrade if you haven't yet!

    That's alright. All the lazy admins will blame Google and everything will be okay!

    This, I suspect, is going to be a new way of infecting web-based apps. Just do a search for the vulnerable software on Google, Yahoo or whatever, pop in, do your damage and be on your way.

    Of course, it will get much worse if its some sort of E-commerce software or something like that and these worms happily start stealing credit card transactions.

  • Re:Latest Version of phpBB Unaffected (Score:4, Insightful)

    by topynate ( 694371 ) on Tuesday December 21, 2004 @06:29PM (#11153308)
    Given that probably 90% of script kiddies find targets with Google, it could only be a matter of time before someone automated the process.

    Maybe it's a theme - the worms of tomorrow will do what the script kiddies of today do.

  • Dshield disagrees (Score:4, Insightful)

    by JustinXB ( 756624 ) on Tuesday December 21, 2004 @06:31PM (#11153334)
    See here [sans.org]
    Note: we earlier reported that it takes advantage of a php vulnerability. This does not seem to be the case.
    Who are you going to believe: Some news site or a security community?

  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Tuesday December 21, 2004 @06:40PM (#11153444)
    Comment removed based on user account deletion

  • I got hit (Score:3, Insightful)

    by Ghoser777 ( 113623 ) <fahrenba@@@mac...com> on Tuesday December 21, 2004 @06:43PM (#11153459) Homepage
    My poor linux box - I felt so secure and then this little worm gets out. Thank god I had some recent backups, otherwise this would have really sucked. I guess it's alright though - you have to get rooted one time before you really understand how vulnerable the internet makes all of us.

  • Re:Ehhh.. Tape drive perhaps?? (Score:1, Insightful)

    by Anonymous Coward on Wednesday December 22, 2004 @02:07PM (#11160526)
    I guess you never had a hard drive stop working then. Lucky you. I've seen mechanical failures, electronic failures, interface failures, bent pins, people putting their fingers on sensitive electronic parts, static electricity zaping electronics, etc.


    Yes tapes can break, otherwise I've not seen nearly the same sorts of problems as with hard drives.


    Ok, not a tape lover then how about backup to cd-rw or DVD. But for goodness sake get the backup onto a medium that you take out of the computer and that you can put a copy offsite.

Slashdot Top Deals

Old programmers never die, they just hit account block limit.

Close