Santy
Encyclopedia
Santy is a computer worm
created in Perl
to exploit a vulnerability in phpBB
software which used Google
to spread across the internet
.
Within 24 hours of its release by X_Spec on 20 December 2004, a large number of website
s (estimated by some at 30,000 to 40,000) were attacked by Santy. The worm holds a record of spreading worldwide within 3 hours of its release. The worm caused writable files (of formats such as .php and .html) on the infected server to display the message "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X", where X is a number representing the generation of the worm.
There have been variants of the worm, some that use alternative search engines after Google blocked queries from the Santy worm, and an anti-Santy anti-worm
that attempts to patch vulnerable installations.
The phpBB Group had released a patch for the vulnerability a month before the attacks, in phpBB 2.0.11.
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
created in Perl
Perl
Perl is a high-level, general-purpose, interpreted, dynamic programming language. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language to make report processing easier. Since then, it has undergone many changes and revisions and become widely popular...
to exploit a vulnerability in phpBB
PhpBB
phpBB is a popular Internet forum package written in the PHP scripting language. The name "phpBB" is an abbreviation of PHP Bulletin Board...
software which used Google
Google
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...
to spread across the internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
.
Within 24 hours of its release by X_Spec on 20 December 2004, a large number of website
Website
A website, also written as Web site, web site, or simply site, is a collection of related web pages containing images, videos or other digital assets. A website is hosted on at least one web server, accessible via a network such as the Internet or a private local area network through an Internet...
s (estimated by some at 30,000 to 40,000) were attacked by Santy. The worm holds a record of spreading worldwide within 3 hours of its release. The worm caused writable files (of formats such as .php and .html) on the infected server to display the message "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X", where X is a number representing the generation of the worm.
There have been variants of the worm, some that use alternative search engines after Google blocked queries from the Santy worm, and an anti-Santy anti-worm
Anti-worm
Anti-worm has multiple meanings within the field of computer security. It can be a piece of software designed to protect against computer worms, combining the features of anti-virus software and a personal firewall...
that attempts to patch vulnerable installations.
The phpBB Group had released a patch for the vulnerability a month before the attacks, in phpBB 2.0.11.