Google has responded to calls from antivirus companies to stop the advance of an Internet worm that was using the search engine's technology to spread among online bulletin boards.
Antivirus companies say the Santy worm, which searches Google for sites that use a vulnerable version of the phpBB bulletin board software, is spreading quickly - it had already infected about 40,000 Web sites by Tuesday evening.
A worm which attacks web servers running the popular phpBB discussion forum software to deface vulnerable systems spread widely across the net today.
The Santy worm searches for vulnerable forum sites using Google. When a suitable target is found, Santy uses a remote exploit to gain access and deface it before resuming its scanning activity. Content on defaced sites is replaced by the following text string.
"This site is defaced!!!" NeverEverNoSanity
Kaspersky Labs, a security software company in Moscow, said Tuesday that it has detected a new worm that uses search site Google to automatically find vulnerable systems. The worm, called Net-Worm.Perl.Santy.a, queries Google to locate Web sites running vulnerable versions of phpBB, which is software for creating Internet forums using the PHP scripting language.
A week ago, the PHP Group, an open-source development organization, issued PHP 4.3.10 and PHP 5.0.3 to close the vulnerabilities this worm exploits. A fix of phpBB, version 2.0.11, was issued in mid-November.
I'm annoyed. Over the past weeks, I've been receiving a constant flow W32-Sober virus attacks, ostensibly from the server of an international hotel chain based in Germany. After several tries, I managed to reach to the head of IT at the hotel and speak to him about the virus attack problems I am having. They are aware of the issue and believe someone has hijacked their domain to spread viruses. It's a huge problem for them and they don't know what to do about it other than respond to angry customers.
'Tis the season for some holiday cheer. It's also the time of year to reflect on the good security choices you've made over the year, the defense-in-depth strategy that you've decided to follow, and still be able to go home at night and have time for your wife and children.
It's an excellent time to review and reflect on your organization's security strategy, to see what's working and what's not. For this month's column I'm going to pose a number of questions that can help you review your environment and plan for future threats over the coming year.
The mass-mailing Christmas e-card virus Zafi.d is clogging huge amounts of bandwidth and now accounts for one in 15 of all emails, antivirus companies said on Thursday.
According to Sophos, the worm is responsible for 72 percent of all the company's virus reports in the last 24 hours.
"It's generating a lot of email," said Graham Cluley, senior technology consultant for Sophos. "It's a bit quieter today than yesterday when it was one in 10 emails. This is curious because it's sending a lot of email, but not necessarily everyone is receiving it."
Grinch-like virus writers are spreading their version of holiday cheer by embedding a variant of the so-called "Zafi" e-mail worm inside electronic greetings.
E-mails with the misspelled attachment "Happy Hollydays" arrived in inboxes Tuesday, with the subject line "Merry Christmas." A worm is hiding inside the attachment.
It propagates itself via e-mail contact lists when the attached file is opened and could render infected computers more vulnerable to spammers or hackers.
Consumers buying new PCs should force retailers to ensure that the machines are fully patched before purchase, according to Sophos.
Most computers in the shops will have operating systems that are months out of date, the security firm warned. While this will not affect basic operation, it leaves the PC without current security patches and thus vulnerable to viruses and hackers.
Mobile phone viruses will become rife within two years, according to an industry expert.
Speaking at anti-virus firm Kaspersky's annual press conference in Moscow, Marc Blanchard, director of Kaspersky's European anti-virus centre, claimed that the recent proof of concept mobile viruses would soon become a real threat.
"I think two years is a good estimate," said Blanchard. "Cabir has proved that the opportunity is there when enough people are using technology that can distribute the virus."
An email virus that poses as pictures of a nude glamour model actually contains malicious code designed to launch denial-of-service attacks on websites run by Chechen separatists.
