Dismiss Notice

Welcome To CK5!

Registering is free and easy! Hope to see you on the forums soon.

Score a FREE t-shirt and membership sticker when you sign up for a Premium Membership and choose the recurring plan.

Internet Forum Virus: ATTN Steve

Discussion in 'Feedback | Site Announcements' started by readymix, Dec 21, 2004.

  1. readymix

    readymix 3/4 ton status

    Joined:
    May 30, 2004
    Posts:
    6,706
    Likes Received:
    26
    Location:
    Murrieta, California
    I don't think that this affects us here. Just a heads up.



    A new worm is playing havoc with certain Web sites by exploiting a security hole in PHPbb, a popular program used to create Internet forums, several security firms warned Tuesday.

    Russian-based Kaspersky Lab was among the first to report sightings of Net.Worm.Perl.Santy-A, labeling it a severe risk. According to the firm, Santy-A is spreading rapidly. "However, this does not directly affect end users," the firm said in a statement. "Although the worm infects Web sites, it does not infect computers used to view these sites."

    Kaspersky added, "Santy-A is something of a novelty. It creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of PHPbb. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, the worm will penetrate the site, gaining control over the resource. It then repeats this routine."

    Once the worm dominates a site, it scans all the directories. All files with the extensions .htm, .php, .asp, .shtm, .jsp and .phtm are overwritten with the text "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation."

    Apart from defacing infected sites with this text, Kaspersky said the worm has no payload. It will not infect machines used to view compromised sites. The firm recommends PHPbb users upgrade to version 2.0.11 to keep their sites from being defaced.

    Finnish security firm F-Secure Corp. and Lynnfield, Mass.-based Sophos also confirmed sightings of Santy-A.

    "It's out there. It's spreading. It seems to be pretty bad. We're still analyzing further," Mikko Hypponen, F-Secure's director of AV research, said in an e-mail. "It's a perl worm searching vulnerable forum sites via Google. When hit, the site gets defaced and restarts Google scanning."

    "I know that security holes have been found in PHPbb's software in the past, so it is important that people keep up to date with their security patches and latest revisions," Graham Cluley, senior technology consultant for antivirus firm Sophos, said in an e-mail.

    Reston, Va.-based iDefense reiterated that advice and reported more than 38,000 sites had been compromised since this morning. Ken Dunham, the company's director of malicious code, said the worm may be exploiting a recent SQL injection vulnerability for phpBB 2.0.10 reported on Nov. 29. "If that is the case, this worm was rapidly authored and deployed, just a few weeks following the vulnerability announcement," he said in a prepared statement.
     
  2. 75-K5

    75-K5 3/4 ton status

    Joined:
    Apr 28, 2002
    Posts:
    5,353
    Likes Received:
    0
    Location:
    Anderson, Indiana
    Thankfully it shouldn't affect CK5 since we use vBulletin, not phpBB, but many other message boards do, especially the smaller and/or local ones, so it's good to have the heads up, thanks.:thumb:
     
  3. readymix

    readymix 3/4 ton status

    Joined:
    May 30, 2004
    Posts:
    6,706
    Likes Received:
    26
    Location:
    Murrieta, California
    Good to know that it should not affect us. That is what i figured
     
  4. 85mudblazin

    85mudblazin 1/2 ton status

    Joined:
    Mar 26, 2004
    Posts:
    3,951
    Likes Received:
    0
    Location:
    Austin,TX
    yea our local AustinK5 site got hit by the worm, sucks bad:mad:
     
  5. CK5

    CK5 In my underwear Administrator Premium Member GMOTM Winner Author

    Joined:
    May 19, 1999
    Posts:
    21,624
    Likes Received:
    702
    Location:
    CO
    Yeah, I read that this moring some where, always something.
     
  6. joez

    joez 1/2 ton status

    Joined:
    Oct 21, 2003
    Posts:
    2,512
    Likes Received:
    0
    Location:
    New Lenox, Illinois
    Damnit, now i gotta upgrade my site as fast as possible, and i dont have a clue how to do it:mad::mad::mad::mad::mad:
     
  7. nvrenuf

    nvrenuf NONE shall pass! Premium Member

    Joined:
    Jan 7, 2002
    Posts:
    13,079
    Likes Received:
    247
    Location:
    Mobile, Al.
    Score 1 (more) point for the VB upgrade. ;)
     
  8. CK5

    CK5 In my underwear Administrator Premium Member GMOTM Winner Author

    Joined:
    May 19, 1999
    Posts:
    21,624
    Likes Received:
    702
    Location:
    CO
    This is one of the reasons I stay away from "free" software, not saying that it couldn't happen to purchased software, just that if someone is going to exploit software for the fun of it chances are they are not going to buy it just to mess with it.
     
  9. joez

    joez 1/2 ton status

    Joined:
    Oct 21, 2003
    Posts:
    2,512
    Likes Received:
    0
    Location:
    New Lenox, Illinois
    Its what ive wanted to do since i took my site over, im just still trying to figure it all out. Im gonna have to look into changing to VB. It keeps looking better and better, even though there is some stuff i dont like about it :D
     

Share This Page