Someone posted on the phpBB forums, reporting that he’d had his forum defaced by a new version of the Santy.A worm.

The text this time is:

This site is defaced
::–:: NeverEverNoSanity WebWorm 2 generation 2.3 ::–::
- This time its worse, Don’t fucking try making google block us -
- The bestDeception hackers are here, and here to stay -

Source

Until someone knowledgeable gets a sample of the code, we of course don’t know if this is a real virus that will spread.

When searching Google, I find lots of weirdness here. The site has many different flavors of forums on it, and this particular link held useBB in Google’s cache. So if it now had phpBB, it was a new installation quite recently.

I found something else on this particular site that I found funny. It’s actually a 404 page, but the 404 isn’t visible on the page. You’ll only realize it’s a 404 page if you access with the right tool. Any regular visitor with a regular browser might think the site was hacked? Weirdest 404 page I’ve ever seen. See this sample.

EDIT: They’ve found other worms, exploiting the same hole. Both in phpBB and other software:
http://www.eweek.com/article2/0,1759,1745693,00.asp

This entry was posted on Thursday, December 23rd, 2004 at 12:25 pm and is filed under Tech. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.