Worm acting as an anti-Santy patch
I have seen people asking for someone to release a worm that disable Internet Explorer on a machine and install Firefox instead! Well, that might not see the light of the day anytime soon but someone decided to take the matter pertaining to the much in news Santy worm in his hand. A new worm is circulating in the wild, which tries to patch a vulnerable phpBB based discussion forum to prevent infections from the damage-causing worm.
F-Secure have confirmed the existence of â€œAnti-Santy-Worm V4â€ which uses the original method of searching for phpBB boards using Google search engine. However, instead of defacing the targeted board, it attempts to fix the loopholes in the system. In addition, it leaves a message to the site owners by dropping a file named secure.php containing this message: “Your site is a bit safer, but upgrade to >= 2.0.11 !!”
The security firms however still have not made clear how effective the patch really is. And none of them has praised this anti-worm worm. They say instead of helping the web hosts, it is causing more harm instead by ending up hitting servers and increasing loads. Many popular websites have already fixed their forums with the latest update of the phpBB software and are reporting attack by this worm.
Google took certain steps, which helped in limiting the damage caused by the original Santy worm. However, later news reports claimed that the source code of an updated version was released on the web, which raised fears that more worms are bound to appear with worse effects.