Google kicks worm into touch

Share this article:

Google has finally stopped the Santy worm dead in its tracks, thanks to lobbying from anti-virus vendors. The worm, which trawls Google for vulnerable versions of bulletin board software known as phpBB, had reached epidemic proportions by Tuesday night.

Google responded to Finnish anti-virus firm F-Secure in an email admitting its was slow to stop the virus, "While a seven hour response for something like this is not outrageous, we think we can and should do better. We will be reviewing our procedures to improve our response time in the future to similar problems."

Earlier on Tuesday Mikko Hyponnen, research director at F-Secure had appealed for Google to put a halt to the spread of the virus, that infected upwards of 40,000 sites.

"We've been trying to reach the right persons at Google for the past hours... they could stop this Santy outbreak right now simply by stopping responding to the queries the viruses uses. This wouldn't hurt any end users and would in fact take load off from Google servers," he said.

Such was the early success of Santy that by mid-Tuesday Russian anti-virus company Kaspersky had declared its spread an "epidemic". Today a search shows that nearly 30,000 websites remain compromised with the words "This Site Is Defaced!!! NeverEverNoSanity WebWorm generation 22."

The Santy worm creates a search request which results in a list of sites running vulnerable versions of phpBB. It then automatically exploits this vulnerability. Google's action has prevented the virus from spreading any further, but upgrading phpBB (to 2.0.11) is still recommended.

www.f-secure.com
www.viruslist.com

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Investors aim to 'save' bitcoin exchange Mt. Gox

After suffering a massive bitcoin theft, the exchange faces liquidation of its assets in Japan.

Attackers target Facebook to deliver Android iBanking malware

Attackers target Facebook to deliver Android iBanking malware

A Windows trojan delivered via drive-by download is injecting malicious content into Facebook and ultimately fooling users into downloading Android malware that can allow for the capturing of SMS messages.

Federal watchdog says SEC security issues put financial data at risk

Federal watchdog says SEC security issues put financial ...

According to the U.S. Government Accountability Office (GAO), SEC, among other lapses, failed to adequately oversee a contractor, which migrated its financial system to a new data center.