As we reported last week, Google had been used by the "Santy.A" worm to infect websites using vulnerable versions of phpBB. Google has since disallowed such search attempts by the worm, by simply not listing vulnerable sites in their search results.
Variants are now attempting to exploit search engines offered by Yahoo and AOL, targeting sites running versions of phpBB prior to version 2.0.11. Some variants of the worm damage sites using poorly coded php instances of include() and require(). AOL claims that they are now unaffected, but Yahoo has yet to comment on their security status.
Santy deletes content from effected php-based sites, and replaces it with information found within the worm itself. Luckily this worm is not communicable to computers who visit effected sites. Sites using older versions of phpBB should update immediately, and some sites utilizing php may have to be rewritten all together.
View: Google's Response @ F-Secure Virus Lab Blog
News source:
Neowin
Full story:
View Here
Linear Mode
