[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 22 December, 2004, 12:14 GMT
Santy worm makes unwelcome visit
Screengrab of phpBB website, phpBB
The vulnerable software is used by thousands of sites
Thousands of website bulletin boards have been defaced by a virus that used Google to spread across the net.

The Santy worm first appeared on 20 December and within 24 hours had successfully hit more than 40,000 websites.

The malicious program exploits a vulnerability in the widely used phpBB software.

Santy's spread has now been stopped after Google began blocking infected sites searching for new victims.

Fast response

The worm replaces chat forums with a webpage announcing that the site had been defaced by the malicious program.

Soon after being infected, sites hit by the worm started randomly searching for other websites running the vulnerable phpBB software.

Once Google started blocking these search queries the rate of infection tailed off sharply.

A message sent to Finnish security firm F-Secure by Google's security team said: "While a seven hour response for something like this is not outrageous, we think we can and should do better."

"We will be reviewing our procedures to improve our response time in the future to similar problems," the Google team said.

Security firms estimate that about 1m websites run their discussion groups and forums with the open source phpBB program.

The worst of the attack now seems to be over as a search conducted on the morning of the 22 December produced only 1,440 hits for sites showing the text used in the defacement message.

People using the sites hit by Santy will not be affected by the worm.

Santy is not the first malicious program to use Google to help it spread.

In July a variant of the MyDoom virus slowed down searches on Google as the program flooded the search site with queries looking for new e-mail addresses to send itself to.

Cyber criminals step up the pace
06 Dec 04 |  Technology
Toxic web links help virus spread
12 Nov 04 |  Technology
Google recovers after virus hits
27 Jul 04 |  Technology
Virus poses as Christmas e-mail
16 Dec 04 |  Technology
Hi-tech tools fuel phishing boom
24 Nov 04 |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific