Google Nukes Santy Worm, But Threat Remains | eWeek

Google Nukes Santy Worm, But Threat Remains

Écrit par
Ryan Naraine
Ryan Naraine
Dec 22, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A decision by Google Inc. to block certain search queries has helped thwart the spread of the Santy worm, but the public release of the worms source code could lead to new attacks, security experts warned on Wednesday.

Google began filtering the worms queries late Tuesday night, effectively stopping the Santy propagation on vulnerable Web forums running the freely distributed phpBB software.

However, according to an advisory from Kaspersky Lab, the Google filtering is not enough to solve the problem. “The author can always release new versions that use other search engines—MSN or Yahoo, for instance,” the anti-virus research firm said in the advisory.

The fact that the Santy source code has been published on certain sites and security-related mailing lists is also cause for concern, according to Roel Schouwenberg, senior research engineer at Kaspersky Lab.

“This opens the door for new variants to arise. However, I doubt that new variants will be very effective, unless search engines just keep on spitting out new, unpatched sites,” Schouwenberg said.

Anti-virus vendor F-Secure confirmed the Google filtering was successful and said the search engine had started showing the defaced Web sites in its index.

The worm, known as Net-Worm.Perl.Santy.A, or Santy, was programmed to use Google search to randomly find sites running vulnerable version of phpBB and overwrite several different files to deface the forums.

By targeting phpBB, the defacements cause a major nightmare for some businesses that use the forum software to handle customer service queries and other support issues.

On the phpBB support forum, administrators urged users to upgrade to the newest available release of the software.

“Fixed versions of PHP do exist and as above we encourage you to ensure your system is running such a version. Equally please examine any hacking issues you have carefully to ensure they are not caused by this PHP problem (rather than phpBB). Remember, this is not a phpBB exploit or problem, its a PHP issue and thus can affect any PHP script which uses the noted functions,” administrators said in a forum posting.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.