jackhart
Registered
Join Date: Sep 2004
Location: new york, ny
Posts: 31
Website Virus Using Google

Wayne, I just read about a virus that attacks websites written in PHP...just passing this along, it seems to be a widespread type of thing that has hit several boards I belong to.

http://news.com.com/Net+worm+using+Google+to+spread/2100-7349_3-5499725.html?tag=st_lh

A Web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday.
The Santy worm uses a flaw, announced last week, in the software that interprets Web pages written in the widely used scripting language PHP: Hypertext Preprocessor (PHP). However, rather than attempt to infect all Web sites running PHP, the worm instead targets a specific application--the PHP Bulletin Board (phpBB)--and searches Google for vulnerable sites, antivirus firm Kaspersky said in a statement.
Almost 40,000 sites may have already been infected. Using Microsoft's Search engine to scan for the phrase "NeverEverNoSanity"--part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits.
"Santy.a is spreading rapidly, and has caused an epidemic," antivirus firm Kaspersky stated in a new release published Tuesday. "However, this does not directly affect users. Although the worm infects Web sites, it does not infect computers used to view those sites."
The worm sends Google a specific search request, essentially asking for a list of vulnerable sites. Armed with the list, the worm then attempts to spread to those sites using a PHP request designed to exploit the phpBB bulletin board software.
The worm is the latest twist on using Google as an attack tool, a practice known as Google hacking. It may also be the first time that a program used Google to identify victims for an attack.
Around 6 million sites appear to be running the phpBB software, according to a search of Google for the phrase "Powered by phpBB"--an acknowledgment appended to the bottom of any site that uses the software.
"There are tons of these PHP bulletin board installs around," said Johannes Ullrich, chief technology officer of the Internet Storm Center, which tracks online threats.
Using Google to determine vulnerable sites is not an academic exercise. The worm does exactly that: Once Santy infects a Web site, it searches Google for other sites running phpBB and then attempts to infect those sites as well.
After it has taken over a site, the worm deletes all HTML, PHP, active server pages (ASP), Java server pages (JSP), and secure HTML pages, and replaces them with the text, "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X," according to Kaspersky. For "X," the worm inserts a number representing how far the current instance of the program is descended from the original worm release. MSN searches have found 24th generations of the worm.
Google did not immediately comment on the worm, but a spokesman did say that the company had seen the information and had started to study the issue.
The response, or lack thereof, frustrated some members of the antivirus community, who believed that the search giant could easily stop the worm by filtering out its search for victims.
"We know exactly which searches to stop," said Mikko Hypponen, research director of antivirus firm F-Secure. "It would be trivial to stop this thing."
Web sites using a vulnerable version of PHP should upgrade, the phpBB Project site advises.

__________________
________________________
Dave

74 911S 3.0L - Sold!
96 Modified Full Size Bronco
05 Jeep Unlimited Rubicon
12-23-2004, 07:43 AM (#1)
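A defender's check for the defacement described in the quoted article, as an added example that is not part of the original thread: it walks a web root and reports files carrying the worm's marker text, along with the generation number. The extension list (including `.shtml` for "secure HTML") and the sample files are constructed assumptions.

```python
import os
import re
import tempfile

# Marker and generation counter as quoted in the article above.
MARKER = re.compile(rb"NeverEverNoSanity WebWorm generation (\d+)")
# File types the article says the worm overwrites; the extension
# mapping (e.g. .shtml for "secure HTML") is an assumption.
TARGET_EXTS = {".html", ".htm", ".php", ".asp", ".jsp", ".shtml"}


def scan_webroot(root):
    """Return {relative_path: generation} for defaced files under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # the defacement text is short
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            m = MARKER.search(head)
            if m:
                hits[os.path.relpath(path, root)] = int(m.group(1))
    return hits


def demo():
    """Build a constructed webroot with one clean and two defaced files."""
    defaced = (b"This site is defaced!!! This site is defaced!!! "
               b"NeverEverNoSanity WebWorm generation %d")
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "forum"))
        samples = {
            "index.html": b"<html><body>Welcome</body></html>",
            "forum/viewtopic.php": defaced % 24,
            "forum/login.PHP": defaced % 7,
            "notes.txt": defaced % 3,  # not a targeted extension: ignored
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return scan_webroot(root)


if __name__ == "__main__":
    for path, gen in sorted(demo().items()):
        print(f"DEFACED generation={gen:<3} {path}")
```

Run `scan_webroot()` against a copy of the document root; any hit means the file must be restored from a backup taken before the infection.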
kstylianos
Registered
Join Date: Nov 2002
Location: Arlington, VA
Posts: 1,045
Quote:
However, rather than attempt to infect all Web sites running PHP, the worm instead targets a specific application--the PHP Bulletin Board (phpBB)
Pelican Parts uses vBulletin, which is also PHP powered, although it is not a likely target of this particular virus, as Santy targets phpBB boards. If this is a generic PHP hole, it will probably be exploited soon, targeting other PHP-based systems. We just had to patch our phpBB board. PHP just released a fix a couple of days ago to fix this particular security hole.

Scary thought to lose all "HTML, PHP, active server pages (ASP), Java server pages (JSP), and secure HTML pages."

You are only as safe as your last backup......

__________________
Charlie Stylianos
1982 SC Targa
www.Dorkiphus.com - (The Land of the NoVA/DC/MD Porschephiles)

Last edited by kstylianos; 12-23-2004 at 09:05 AM..
12-23-2004, 09:02 AM (#2)
All times are GMT -8.