Santy

Santy is a computer worm created in Perl to exploit a vulnerability in phpBB software which used Google to spread across the Internet.

Overview

[edit]

Within 24 hours of its release on 20 December 2004, about 30,000 to 40,000 websites[1] were attacked by Santy. The worm holds a record of spreading worldwide within three hours of its release. It caused writable files (of formats such as .php and .html) on the infected servers to display the message "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X", where X is a number representing the generation of the worm.

There have been variants of the worm, some that use alternative search engines after Google blocked queries from the Santy worm, and an anti-Santy anti-worm that attempts to patch vulnerable installations.[2]

The phpBB Group had released a patch for the vulnerability a month before the attacks, in phpBB 2.0.11.

References

[edit]
  1. ^ Robert, Lemos. "Net worm using Google to spread". CNET News. Retrieved 28 January 2013.
  2. ^ Ingrid Marson (December 31, 2004). "Anti-Santy worm spreads". ZDNet.com. Retrieved May 4, 2014.
[edit]