Santy Worm Using AOL and Yahoo to Target More PHP Sites
The newest version of the Santy Worm, Santy.e, is threatening more web sites which use PHP scripting to produce dynamically database generated pages. The Santy Worm first surfaced last week, targeting sites which use the phpBB bulletin board/forum service. Santy was using Google as its springboard to identify such phpBB powered sites. The Perl/Santy-A worm (also known as Santy) exploited a vulnerability in a piece of software often used to provide discussion forums and bulletin boards on the web, phpBB.
Now reports are coming in that even though Google did block the Santy worm from using Google’s Index to find vulnable sites, Santy is now using Yahoo and AOL search indexes to identify its victims. SFGate Reports “AOL, which uses Google for its underlying search technology, said it was looking into the problem and was uncertain whether Google blocks already in place would prevent misuse of AOL’s search site.” Yahoo, which dumped Google’s search technology in February, could not be reached immediately for comment.
This time around, phpBB is not the only target of the Santy worm. From InformationWeek:
“This can only be prevented with decent, secure coding,” said Kaspersky Labs. “Every site [that uses PHP] is potentially in danger.”
Kaspersky noted that it had already received reports of Websites attacked by infected systems, and that some servers have been compromised or dramatically slowed down as their loads climbed under constant probing.
Like earlier Santy variations, Santy.e uses Google to identify exploitable Web pages written in PHP which use the vulnerable functions “include()” and “require().” Santy.e, however, also throws Yahoo’s and AOL’s search engines into the mix, learning a lesson from the originals, which were stymied when Google blocked their searches.”