MTM2.com

A forum for mtm2 discussion
 Post subject: Net worm using Google/ phpBB to spread
PostPosted: Tue Dec 21, 2004 11:31 pm 
Member
Joined: Wed Nov 06, 2002 2:01 pm
Posts: 881
Location: Silicon Valley, California. USA
A Web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday.

The Santy worm uses a flaw in the widely used community forum software known as the PHP Bulletin Board (phpBB) to spread, according to updated analyses. The worm searches Google for sites using a vulnerable version of the software, antivirus firm Kaspersky said in a statement.

http://news.zdnet.com/2100-1009_22-5499725.html?tag=nl.e589

.

_________________
--> "Obstacles are those frightful things you see when you take your eyes off your goals." -- Henry Ford


 Post subject:
PostPosted: Tue Dec 21, 2004 11:54 pm 
Glow Ball
Joined: Tue Feb 02, 1999 7:00 pm
Posts: 23
Ever get the feeling we're all just sitting ducks?

[Image: http://mtm2.com/~forum/images/topic3191phpacrossgoogle.gif]

Here's a clue.

Quote:
...the worm deletes all HTML, PHP, active server pages (ASP), Java server pages (JSP), and secure HTML pages...


The affected machines are, in all likelihood, Windows operating systems. I certainly don't want to be complacent, but I've done everything possible to secure things.


 Post subject:
PostPosted: Wed Dec 22, 2004 12:12 am 
Member
Joined: Wed Nov 06, 2002 2:01 pm
Posts: 881
Location: Silicon Valley, California. USA
Well, if it quacks like a duck......

Quote:
Web sites using a vulnerable version of phpBB should upgrade, the phpBB Project site advises.


Let's hope that "no upgrades available" message means you have the latest version, and are already protected.


I wish they'd put "mandatory death penalty for hackers and virus writers" in a ballot, because I'd vote for it....(not really, but that's how I feel sometimes).

_________________
--> "Obstacles are those frightful things you see when you take your eyes off your goals." -- Henry Ford


 Post subject:
PostPosted: Wed Dec 22, 2004 1:26 am 
http://www.php.net/

PHP 4.3.10 & 5.0.3 released!


 Post subject:
PostPosted: Wed Dec 22, 2004 3:18 am 
Member
Joined: Sun Sep 12, 2004 4:05 pm
Posts: 186
Location: Right here
..Maybe the updated versions have the holes?...just a thought...

...*sets up Norton cannons, used to blast viruses to pieces upon detection, firing an 88mm highly explosive, anti-personnel, nukeular, atomic, biochemical, corrosive, oxidizing, melting radioactive warhead and eliminates virus/worm instantly....In short Norton, Spybot S&D and a firewall :D * make sure to be careful guys!

_________________
<This space for rent>
<Same with this one>
5/4 people have problems with fractions


 Post subject:
PostPosted: Wed Dec 22, 2004 7:43 am 
Member
Joined: Sat May 24, 2003 2:16 pm
Posts: 369
Location: UK
Is this the one that attacks sites and deletes the whole thing, before creating one page saying: This site is defaced! I believe it's the NeverEverNoSanity worm. I know of a few good sites that have been attacked by it. :x

On a kind of related note, is anyone having problems with BullsEye Network adware? It gets around Norton Security, including the new updates. I've tried quarantining and deleting it but the file just instantly re-appears. I hate adware. [:-|]


 Post subject:
PostPosted: Wed Dec 22, 2004 9:51 am 
Member

Joined: Thu Mar 02, 2000 2:01 pm
Posts: 539
Location: Phoenix, AZ
I thought of you guys here when I found out about this today.

Leave it to Ziff Davis to use a cheap grocery store tabloid headline ploy by calling it a "Net worm using Google to spread" though.
What a joke and way off the point.

It is a hacking tool to automate the defacing of PHP web sites and nothing else.
The tool just uses search engine results for a search of "Powered by PHPbb", it makes no difference what search engine, and it does not infect the search engine or even any sites it defaces and can't harm those that visit.
The hacker could just as easily deface any PHP site he finds.
Searching the net for something all of them contain just made for more targets is all.
ZDNet claiming "Net worm using Google to spread" was asinine.
"PHP Bulletin Boards being found by search engines and trashed" would have been a much better headline I would think, because the millions of people that use Google are simply not affected and 99% could care less.

Details here:
http://news.zdnet.com/2100-1009_22-5499 ... ag=nl.e589

----
But much more info here:

http://isc.sans.org/diary.php?date=2004-12-21

"The worm exploits the 'highlight' bug in phpBB 2.0.10 and
earlier. The current version of phpBB (2.0.11, released Nov.
18th) fixes this problem."

To update the progress of the community supported
distributions progress on releasing a PHP update, Red Hat
has released updated rpms for FC2 and FC3 at the same
time as their enterprise products (well done), The Fedora
Legacy continues discussion for earlier Red Hat releases but
still nothing for FC1 (which should be a simple 4.3.3 to
4.3.10 upgrade). Debian still not available.
----

PHP is mainly a Unix type system script language.
Windows guys use VBScript (.asp) so few if any Windows servers will be affected.

Glad to see that this was not the cause of your problem here.
Live long and prosper MTM2.com ;-}

_________________
It's all how you look at things ©¿©¬


 Post subject:
PostPosted: Fri Dec 24, 2004 10:30 am 
Glow Ball
Joined: Tue Feb 02, 1999 7:00 pm
Posts: 23
Just a follow up.

This is the fix for phpbb. Forward the link to anybody you know who uses phpbb.

http://www.phpbb.com/phpBB/viewtopic.php?t=240513


Also, the v4.3.10 PHP release has SQL database issues and will cause some programs and scripts to fail. Most package builders are waiting on v4.3.11 before integrating it into their programming.

