Topics

User Functions

Events

There are no upcoming events

What's New

Stories last 2 weeks

No new stories

Comments last 2 weeks

No new comments

Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

NEW FILES last 14 days

No new files

Welcome to Geeklog Wednesday, April 23 2014 @ 05:20 PM EDT

Offtopic: phpBB worm in the wild

Security
  • Wednesday, December 22 2004 @ 04:00 AM EST
  • Contributed by:
  • Views:
    29,577

This isn't exactly Geeklog-related, but since quite a few sites seem to be running phpBB (with or without the phpBBBridge), I'd like to point out that there's a worm going around at the moment that exploits a bug in phpBB versions 2.0.10 and earlier.

This seems to be the first time (at least that I'm aware of) that an automatic exploit for a web application is in the wild. The worm uses Google to search for phpBB boards, infects them, and then continues to spread from there. Infected sites show a red text "NeverEverNoSanity WebWorm Generation" (followed by a number) on a black background. More information about the worm can be found in the usual places, e.g. Bugtraq.

So to all phpBB users out there: Upgrade to phpBB 2.0.11 ASAP.

Update: According to F-Secure, Google is now blocking the requests of the worm (dubbed "Santy"), which should stop it for now (until a new worm comes, that uses another search engine ...). It's still strongly recommended to update phpBB, of course.

The following comments are owned by whomever posted them. This site is not responsible for what they say.

  • Offtopic: phpBB worm in the wild
  • Authored by:RickW on Wednesday, December 22 2004 @ 08:45 AM EST
I posted information about this worm at http://www.antisource.com/article.php/20041221112101615 as well.

---
www.antisource.com

  • Offtopic: phpBB worm in the wild
  • Authored by:Agent X20 on Wednesday, December 22 2004 @ 04:08 PM EST
I got hit - but I'm running phpbb 2.0.11! What seems to have happened is that another site on the server running an old version of phpbb got hit and I had a few files not quite locked down permission wise and they got clobbered as well. Not good!
  • Offtopic: phpBB worm in the wild
  • Authored by:Turias on Wednesday, December 22 2004 @ 05:20 PM EST
Versions 0.75 and higher of the phpBBBridge all use phpBB 2.0.11, so if you are using one of those versions, you should be ok. If you are not, I would recommend upgrading immediately.