Google kicks worm into touch

Share this article:

Google has finally stopped the Santy worm dead in its tracks, thanks to lobbying from anti-virus vendors. The worm, which trawls Google for vulnerable versions of bulletin board software known as phpBB, had reached epidemic proportions by Tuesday night.

Google responded to Finnish anti-virus firm F-Secure in an email admitting its was slow to stop the virus, "While a seven hour response for something like this is not outrageous, we think we can and should do better. We will be reviewing our procedures to improve our response time in the future to similar problems."

Earlier on Tuesday Mikko Hyponnen, research director at F-Secure had appealed for Google to put a halt to the spread of the virus, that infected upwards of 40,000 sites.

"We've been trying to reach the right persons at Google for the past hours... they could stop this Santy outbreak right now simply by stopping responding to the queries the viruses uses. This wouldn't hurt any end users and would in fact take load off from Google servers," he said.

Such was the early success of Santy that by mid-Tuesday Russian anti-virus company Kaspersky had declared its spread an "epidemic". Today a search shows that nearly 30,000 websites remain compromised with the words "This Site Is Defaced!!! NeverEverNoSanity WebWorm generation 22."

The Santy worm creates a search request which results in a list of sites running vulnerable versions of phpBB. It then automatically exploits this vulnerability. Google's action has prevented the virus from spreading any further, but upgrading phpBB (to 2.0.11) is still recommended.

www.f-secure.com
www.viruslist.com

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Apple hit with privacy class-action over iPhone location service

Apple hit with privacy class-action over iPhone location ...

A woman claims she did not realize the company was using location services to track her and accuses the company of giving the data to third parties.

Attackers compromise Gizmodo Brazil

Trend Micro is investigating whether a vulnerability was used to compromise Gizmodo Brazil and a logistics firm hosted by the same ISP.

Paddy Power breach impacting 650K customers dates back to 2010

Nearly 650,000 Paddy Power customers who made an account prior to 2010 had data compromised in a breach.