Google has finally stopped the Santy worm dead in its tracks, thanks to lobbying from anti-virus vendors. The worm, which trawls Google for vulnerable versions of bulletin board software known as phpBB, had reached epidemic proportions by Tuesday night.
Google responded to Finnish anti-virus firm F-Secure in an email admitting its was slow to stop the virus, "While a seven hour response for something like this is not outrageous, we think we can and should do better. We will be reviewing our procedures to improve our response time in the future to similar problems."
Earlier on Tuesday Mikko Hyponnen, research director at F-Secure had appealed for Google to put a halt to the spread of the virus, that infected upwards of 40,000 sites.
"We've been trying to reach the right persons at Google for the past hours... they could stop this Santy outbreak right now simply by stopping responding to the queries the viruses uses. This wouldn't hurt any end users and would in fact take load off from Google servers," he said.
Such was the early success of Santy that by mid-Tuesday Russian anti-virus company Kaspersky had declared its spread an "epidemic". Today a search shows that nearly 30,000 websites remain compromised with the words "This Site Is Defaced!!! NeverEverNoSanity WebWorm generation 22."
The Santy worm creates a search request which results in a list of sites running vulnerable versions of phpBB. It then automatically exploits this vulnerability. Google's action has prevented the virus from spreading any further, but upgrading phpBB (to 2.0.11) is still recommended.