Welcome to Geeklog Wednesday, February 19 2020 @ 01:59 am EST

Offtopic: phpBB worm in the wild

  • Wednesday, December 22 2004 @ 04:00 am EST
  • Contributed by:
  • Views: 32,258
Security

This isn't exactly Geeklog-related, but since quite a few sites seem to be running phpBB (with or without the phpBBBridge), I'd like to point out that there's a worm going around at the moment that exploits a bug in phpBB versions 2.0.10 and earlier.

This seems to be the first time (at least that I'm aware of) that an automatic exploit for a web application is in the wild. The worm uses Google to search for phpBB boards, infects them, and then continues to spread from there. Infected sites show a red text "NeverEverNoSanity WebWorm Generation" (followed by a number) on a black background. More information about the worm can be found in the usual places, e.g. Bugtraq.

So to all phpBB users out there: Upgrade to phpBB 2.0.11 ASAP.

Update: According to F-Secure, Google is now blocking the requests of the worm (dubbed "Santy"), which should stop it for now (until a new worm comes, that uses another search engine ...). It's still strongly recommended to update phpBB, of course.