Google kicks worm into touch

Share this article:

Google has finally stopped the Santy worm dead in its tracks, thanks to lobbying from anti-virus vendors. The worm, which trawls Google for vulnerable versions of bulletin board software known as phpBB, had reached epidemic proportions by Tuesday night.

Google responded to Finnish anti-virus firm F-Secure in an email admitting its was slow to stop the virus, "While a seven hour response for something like this is not outrageous, we think we can and should do better. We will be reviewing our procedures to improve our response time in the future to similar problems."

Earlier on Tuesday Mikko Hyponnen, research director at F-Secure had appealed for Google to put a halt to the spread of the virus, that infected upwards of 40,000 sites.

"We've been trying to reach the right persons at Google for the past hours... they could stop this Santy outbreak right now simply by stopping responding to the queries the viruses uses. This wouldn't hurt any end users and would in fact take load off from Google servers," he said.

Such was the early success of Santy that by mid-Tuesday Russian anti-virus company Kaspersky had declared its spread an "epidemic". Today a search shows that nearly 30,000 websites remain compromised with the words "This Site Is Defaced!!! NeverEverNoSanity WebWorm generation 22."

The Santy worm creates a search request which results in a list of sites running vulnerable versions of phpBB. It then automatically exploits this vulnerability. Google's action has prevented the virus from spreading any further, but upgrading phpBB (to 2.0.11) is still recommended.

www.f-secure.com
www.viruslist.com

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.