To exploit a defect in the phpBB software, the Santy web-based worm defines a target through a search service and spreads on online networks.
Santy exploits a flaw in the widely used forum software, PHP Bulletin Board (phpBB), to spread. It tells Google to look for addresses that use the faulty version.
When a site is compromised, the virus deletes all ASP pages, HTML, PHP, JSPs and secure HTML pages, and replaces them with text: This site is defaced !!! This site is defaced !!! NeverEverNoSanity WebWorm generation X "The point is that the address has been hacked and deformed. Kaspersky says that in the X position, the hacker inserts a number indicating what version it is. If you use MSN Search to test it can be seen that this is the 24th generation of this virus.
According to Kaspersky, about 40,000 sites were infected with Santy. If you use the Microsoft search engine to find & quot; NeverEverNoSanity & quot; (part of the text above), you will receive about 39,000 results.
Russian security software company says Santy is spreading fast but does not directly affect popular users. Virus attacks websites but do not spread to computers that access those addresses. If you search on Google with the keyword & quot; Powered by phpBB & quot; (the text below phpBB addresses), can see about 6 million websites are running this software.
Google has not made a formal statement about the incident but said it had begun investigations. Owners of websites running the phpBB version of the bug are recommended to visit the PHP web site to download the upgrade ( www.php.net
View the PHP error information: New serious vulnerability in PHP
