Santy worm Targets AOL Yahoo

    December 28, 2004

Variants of the Santy worm have begun to spread on the Internet using Google, AOL, Yahoo and other search engines.

According to Google+worm+targets+AOL,+Yahoo/2100-7349_3-5504769.html”>CNET, “After Google took measures to prevent the worm from executing Google searches for the faulty bulletin board software, Santy variants are making the rounds using AOL and Yahoo search, according to security firms, and are still targeting Google as well.”

“”Google is only returning results associated with sites not vulnerable to the exploit packed by Perl.Santy,” said AOL spokesman Andrew Weinstein. “So, as the issue has been handled by Google, we’re able to say that we’re blocking requests of this type.””

InformationWeek reports, “Dubbed Santy.e, the worm differs significantly from its predecessors, said Moscow-based Kaspersky Labs in an alert. Rather than target only those Web sites running phpBB, software for creating Internet forums using the PHP scripting language, the worm can exploit any site that’s left allowed arbitrary file inclusion into PHP scripts.

“This can only be prevented with decent, secure coding,” said Kaspersky Labs. “Every site [that uses PHP] is potentially in danger.””

…”Another anti-virus firm, the Finnish F-Secure, downplayed the threat, saying “in practice these latest variants haven’t gotten out of control.” F-Secure credited that to the fact that the Brazilian group suspected of being behind the attack is using a relatively small number of PCs — about 100 — in the bot network that’s searching for vulnerable sites and then launching attacks on those it finds.”

A TechNewsWorld article concludes with, “Cluley said the worm’s release at the holidays was likely a planned occurrence, one meant to take advantage of lowered guard and reduced resources.

“Can it really be coincidence that a worm which attacks Web bulletin boards is released just as many companies and organizations who run such message boards are shutting down for Christmas?” Cluley asked. “It’s likely this worm will have a greater impact simply because the people who need to be at their desks to fix the problem are relaxing in front of the fire.”

Virus and worm authors have long used the holidays to launch attacks, with varying levels of success. In fact, the 2004 holiday season brought the Windows-targeted mass mailing Zafi worm as well as Santy.”

WebProNews | Breaking eBusiness News
Your source for investigative ebusiness reporting and breaking news.