Anti-virus company Kaspersky Lab has reported a new worm that infects Web sites by exploiting a vulnerability in phpBB, a package commonly used to create Internet forums.
Kaspersky says Net-Worm.Perl.Santy.a is spreading rapidly and has caused an epidemic. End users are not directly affected, however: the worm infects Web sites, not the computers used to visit them.
Santy.a creates a specially formulated Google search request for a list of sites running vulnerable versions of phpBB. It then sends a request to these sites containing a procedure that triggers the vulnerability.
When the attacked server processes the request, the worm gains control of the server, repeats the routine, and also overwrites certain files with the text: "This site is defaced!!! NeverEverNoSanity WebWorm generation".
Apart from defacing infected sites with this text, the worm has no payload. Kaspersky Lab recommends that all phpBB users upgrade to version 2.0.11 to prevent their sites from being defaced.
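For a site operator, the two facts above translate into a quick triage: is the installed phpBB older than 2.0.11, and does any file under the web root carry the defacement text? The following is an added example, not code from Kaspersky Lab or phpBB; the function names, the 1 MiB read limit and the idea that the operator supplies the installed version string are assumptions.

```python
import os
import re
import tempfile

# Marker taken from the defacement text quoted in the article.
MARKER = b"NeverEverNoSanity"
FIXED_VERSION = (2, 0, 11)   # release Kaspersky Lab recommends upgrading to
MAX_READ = 1024 * 1024       # assumption: inspect only the first 1 MiB of a file


def parse_version(text):
    """Turn '2.0.10' or '2.0.6d' into a tuple of ints, ignoring letter suffixes."""
    parts = tuple(int(n) for n in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return parts


def needs_upgrade(version_text):
    """True when the installed phpBB release is older than 2.0.11."""
    return parse_version(version_text) < FIXED_VERSION


def find_defaced(web_root):
    """Return sorted paths under web_root whose content contains the marker."""
    hits = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    if MARKER in handle.read(MAX_READ):
                        hits.append(path)
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample tree: one overwritten file, one untouched file.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "w") as f:
            f.write("This site is defaced!!! NeverEverNoSanity WebWorm generation")
        with open(os.path.join(root, "faq.php"), "w") as f:
            f.write("<?php /* untouched */ ?>")
        print("upgrade needed:", needs_upgrade("2.0.10"))
        print("defaced files:", find_defaced(root))
```

Files the scan reports have been overwritten and need restoring from a clean backup; upgrading phpBB alone does not bring their content back.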

