ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Anti-Santy worm spreads

Ingrid Marson ZDNet.co.uk

Published: 31 Dec 2004 13:00 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

An anti-Santy worm that uses search engines to spread among online bulletin boards has been spotted, F-Secure confirmed on Friday.

F-Secure said it was aware of seven sites that had been defaced by the worm. The anti-Santy worm searches Google for sites that use phpBB bulletin board software, infects the sites and attempts to make the sites more secure by installing a patch.

Mikko Hyppönen, director of antivirus research at F-Secure, said that although the worm may seem beneficial, in fact it is likely to cause problems for administrators who will have to handle the increase in traffic.

"I can't comment how effective it is in fixing the sites," said Hyppönen. "If a site is infected, the worm causes a huge amount of traffic and slows down the site. I don't think it's possible to write a beneficial worm."

Sites that have been attacked by the anti-Santy worm are defaced with the words: "viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."

Hyppönen said he has seen two versions of the defacement page, which lead to two different IP addresses. Both IP addresses resolve to Argentina, which suggest that that is where the anti-Santy worm originated.

The Santy worm wreaked havoc in the weeks before Christmas, spreading to over 40,000 Web sites by 21 December. On 22 December Google started blocking queries that were generated by the worm, to stop the worm from replicating. But a few days later it was discovered that it was using AOL's and Yahoo's search engines and was still targeting Google.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
102 out of 172 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

2 comments

  1. Do you think the antivirus companies are worried t... The Way
  2. Anti-Santy is alive and well. It hit minnesotalin... Anonymous

Related Links

More In Security threats


Related Jobs

Systems Administrator

Digital SEO Manager

2nd Line Support

Sentry Posts Blog

Nasa hacker loses last-ditch appeal

Self-confessed Nasa hacker Gary McKinnon has lost his appeal to Home Secretary Jacqui Smith against extradition to the US. In an email sent to ZDNet.co.uk on Monday, McKinnon's... More

1 comment

Up to 1.7m MoD personal details missin...

The potential number of people affected by the the loss of a hard disk containing MoD details could be a high as 1.7 million, defence minister Bob Ainsworth told parliament on Monday. In... More

Post a comment

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers