New Santy Mutant Offers Help | eWeek

New Santy Mutant Offers Help

Écrit par
Ryan Naraine
Ryan Naraine
Dec 31, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Another mutant of the Santy worm has started squirming, this one depositing a so-called patch for vulnerable Web forums powered by the phpBB software.

The “Anti-Santy-Worm V4,” discovered by anti-virus vendor F-Secure, works very much like the original Santy worm, which used Google search results to randomly find—and deface—phpBB forums.

Google has since tweaked its search engine to filter the worms queries but the public release of the Santy source code continued to put unpatched phpBB sites at risk.

According to an F-Secure advisory, the anti-Santy fixer worm also uses search engines to find vulnerable message boards. “Then the worm tries to patch the system so Santy variants wont be able to infect it any more,” the advisory states.

/zimages/3/28571.gifSymantec has issued patches for newly discovered vulnerabilities in firewall appliances.Click hereto read more.

Once a site becomes infected, the Santy mutant drops a file called secure.php with the following text: “Your site is a bit safer, but upgrade to >= 2.0.11 !!”

The “2.0.11” refers to the newest, more secure, version of phpBB.

While the worm purports to have good intentions, F-Secure Director of Anti-Virus Research Mikko H. Hypponen, does not believe in the benefits of renegade fixes. “This is not a beneficial worm. We have no idea how safe the patch the worm applies really is. We also have reports from phpBB administrators whose site is perfectly safe already to be under a denial-of-service attack caused by multiple requests created by this worm,” Hypponen said.

The discovery of a “good” worm following a major Web attack isnt entirely new. Last August, at the height of the Blaster worm attack, a fixer worm called Welchia started spreading and attempted to patch the Windows vulnerability.

However, the benefits proved fraudulent because Welchias propagation technique led to swamped network systems and denial-of-service conditions.

Three years ago, during the Code Red outbreak, a good worm called Code Blue was released with the intent to prevent vulnerable Web servers from being infected by Code Red. In 2001, the Cheese worm attempted a similar repair job on Linux systems that had been infected by the Li0n worm.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.