Google has shutdown a fast-spreading new worm that infects Web servers running a popular bulletin board package that used the Google search engine to find vulnerable servers.
The worm, dubbed Santy.A, uses a vulnerability in phpBB to spread across the Internet, infecting computer servers that host online bulletin boards and defacing those sites with the words "This site is defaced!!! NeverEverNoSanity WebWorm." It does not affect individual computer users however.
Santy.A was first spotted yesterday afternoon and appears to use a recently dislcosed vulnerability in the PHP scripting language, now patched. Once Santy infects servers running the phpBB software, it scans directories on the infected site and overwrites files with the extensions HTM, PHP, ASP, SHTM, JSP and PHTM.
It then launches a search on the Google search engine for URLs that use a special string, viewtopic.php, which is common to bulletin boards written using the phpBB software.
The worm's reliance on Google has been its downfall, however. It has reacted swiftly and prevented its search from being carried out, effectively stoppiing it in its tracks just before it exploded.
Anti-virus experts do not believe Santy.A deposits Trojan horse programs or other malicious code on the systems it infects. However, it could act as a road map for malicious hackers who are looking for vulnerable computers to exploit.