New computer worm attacks bulletin boards 'Santy' spread quickly, but targets are limitedBy Bob Sullivan
Technology correspondent
MSNBC
Updated: 3:19 p.m. ET Dec. 21, 2004
A new computer worm that attacks bulletin board services spread silently and quickly around the Internet Tuesday, infecting at least 38,000 systems within a few hours, experts said. The worm does not attack home computers, but consumers might encounter its effects. Bulletin boards that are infected will show a simple text message: "This site is defaced!!! This site is defaced!!! NeverEverNoSanity."
The worm only attacks widely used message board software called PHP Bulletin Board. Other than displaying the text message, it does nothing malicious to infected computers, according to antivirus firm Kaspersky Labs. Because it spread rather quickly Tuesday morning, F-Secure Corp. issued an alert about Santy.
"This is spreading very rapidly," said Ken Dunham, director of malicious code research at iDefense Inc.
As a network-based worm, the malicious program is capable of making the rounds quickly without any user interaction, such as clicking on an e-mail attachment. In that way, Santy is similar to the Code Red or Nimda attacks, but the list of potentially vulnerable computers is far more limited that those attacks, said virus researcher Oliver Friedrichs of Symantec Corp.
Santy searches for its digital victims using the Google search engine, Dunham said. The malicious program searches for a particular string of text to find computers running the vulnerable bulletin board software, then attacks them.
"It only takes so long to Google and deface," he said.
Friedrichs said attacks that take advantage of the powerful Google search engine are becoming more common. Earlier this year, the MyDoom computer virus temporarily disabled Google by harvesting e-mail addresses through the service.
"It's not the first time we've seen a threat leveraging Google," he said. "It's extremely attractive to worm (author) who relies on gathering information like e-mail addresses. ... this is a trend we expect to continue."
Another intriguing Santy trick: The worm brags about infecting "generations" of computers. Worms spread exponentially. The first infected computer may attack a dozen or more machines, each of which in turn attacks another dozen, and so on. Even after just four or five levels -- like generations in a family tree -- the attack is widespread.
Santy keeps track of its family tree, announcing which generation has arrived on an infected computer. Searches for infected machines at 3 p.m. ET Tuesday showed the worm had already reached generation 24.
"It does appear to be continuing to spread," Dunham said.
_________________ If animal trapped call 410-844-6286, then hit option 1123 6536 5321, then dial 4 8 15 16 23 42
Joined: Mon Oct 18, 2004 1:03 am Posts: 24177 Location: Australia
ElPhantasmo wrote:
It was supposed to make the boards say "This site has been destroyed by ElPhantasmo!" Stupid foreign virus-makers I hired fucked it up.
It's your own fault for not handling the job personally, you know it.
_________________ Oh, the flowers of indulgence and the weeds of yesteryear, Like criminals, they have choked the breath of conscience and good cheer. The sun beat down upon the steps of time to light the way To ease the pain of idleness and the memory of decay.
Users browsing this forum: No registered users and 6 guests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
