New worm targets vulnerable messageboards

[Babel-17]

A Web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday.

The Santy worm uses a flaw in the widely used community forum software known as the PHP Bulletin Board (phpBB) to spread, according to updated analyses. The worm searches Google for sites using a vulnerable version of the software, antivirus firm Kaspersky said in a statement.

Almost 40,000 sites may have already been infected. Using Microsoft's Search engine to scan for the phrase "NeverEverNoSanity"--part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits.

"Santy.a is spreading rapidly," antivirus firm Kaspersky stated in a new release published Tuesday. "However, this does not directly affect users. Although the worm infects Web sites, it does not infect computers used to view those sites."

http://news.zdnet.com/2100-1009_22-5499725.html?tag=nl.e589


Apologies in advance if my post doesn't relate to this forum.

 

[Babel-17]

Sorry, it appears Beyond3D has already taken measures. I just read the following in another thread.

LB, it was because phpbb was patched (I think) to prevent whatever virus is crawling around from taking over the forum.

Still, if anyone knows the manager of a forum who might not be as vigilant it seems worth notifying them regarding this worm.

Good excuse to get people to update anyways.

 

[Dave Baumann]

Thanks. Both the forum software and php versions were updated to the most secure known releases a while back.