Tuesday December 21, 4:03 PM EST
NEW YORK -- A computer worm has attacked and vandalized tens of thousands of Web sites by looking up potential new victims on Google.
The "Santy" worm, which first appeared Monday on the Internet, compromised at least 38,000 computers by midday Tuesday, according to iDefense Inc., a computer-security intelligence firm. As Santy spreads, it leaves behind a red- lettered message on victim sites: "'This site is defaced!!!' NeverEverNoSanity."
The worm replaces files with its own code, a maneuver that can destroy data and cause other Web sites using the same machine to become infected.
"Santy.A isn't a present from Santa Claus, but a fast-spreading worm from the Grinch," said Ken Dunham, iDefense's director of malicious code, in an e-mail.
The self-spreading malicious program attacks Web servers that use flawed versions of an open-source Web scripting language related to HTML called phpBB, which is commonly used for bulletin-board forums.
It finds sites to attack by searching in Google Inc.'s (GOOG) search engine for sites that use the language, according to the SANS Institute, a research organization for network administrators. It searches for "viewtopic.php," which currently returns 4.1 million links. A Google spokesman couldn't be immediately reached for comment.
The phpBB flaw has been fixed in the latest version of the software, phpBB 2.0.11, released Nov. 18, SANS said. The group recommends network operators immediately up
http://members.tccoa.com/lastmrk/Images/lastmark.jpg
NEW YORK -- A computer worm has attacked and vandalized tens of thousands of Web sites by looking up potential new victims on Google.
The "Santy" worm, which first appeared Monday on the Internet, compromised at least 38,000 computers by midday Tuesday, according to iDefense Inc., a computer-security intelligence firm. As Santy spreads, it leaves behind a red- lettered message on victim sites: "'This site is defaced!!!' NeverEverNoSanity."
The worm replaces files with its own code, a maneuver that can destroy data and cause other Web sites using the same machine to become infected.
"Santy.A isn't a present from Santa Claus, but a fast-spreading worm from the Grinch," said Ken Dunham, iDefense's director of malicious code, in an e-mail.
The self-spreading malicious program attacks Web servers that use flawed versions of an open-source Web scripting language related to HTML called phpBB, which is commonly used for bulletin-board forums.
It finds sites to attack by searching in Google Inc.'s (GOOG) search engine for sites that use the language, according to the SANS Institute, a research organization for network administrators. It searches for "viewtopic.php," which currently returns 4.1 million links. A Google spokesman couldn't be immediately reached for comment.
The phpBB flaw has been fixed in the latest version of the software, phpBB 2.0.11, released Nov. 18, SANS said. The group recommends network operators immediately up
http://members.tccoa.com/lastmrk/Images/lastmark.jpg