Welcome to Geeklog Tuesday, June 25 2019 @ 11:59 pm EDT

Offtopic: phpBB worm in the wild

  • Contributed by:
  • Views: 31,973
Security

This isn't exactly Geeklog-related, but since quite a few sites seem to be running phpBB (with or without the phpBBBridge), I'd like to point out that there's a worm going around at the moment that exploits a bug in phpBB versions 2.0.10 and earlier.

This seems to be the first time (at least that I'm aware of) that an automatic exploit for a web application is in the wild. The worm uses Google to search for phpBB boards, infects them, and then continues to spread from there. Infected sites show a red text "NeverEverNoSanity WebWorm Generation" (followed by a number) on a black background. More information about the worm can be found in the usual places, e.g. Bugtraq.

So to all phpBB users out there: Upgrade to phpBB 2.0.11 ASAP.

Update: According to F-Secure, Google is now blocking the requests of the worm (dubbed "Santy"), which should stop it for now (until a new worm comes, that uses another search engine ...). It's still strongly recommended to update phpBB, of course.