Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Google worm targets AOL, Yahoo

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Google worm targets AOL, Yahoo
Date: Wed, 29 Dec 2004 00:31:50 -0600 (CST) 
http://news.com.com/Google+worm+targets+AOL,+Yahoo/2100-7349_3-5504769.html

By Paul Festa 
Staff Writer, CNET News.com
December 28, 2004

Update: Days after Google acted to thwart the Santy worm, security
firms warned that variants have begun to spread using both Google and
other search engines.

The Santy problem originally flared up a week ago as bulletin board
Web sites found their pages erased and defaced by the worm's own text.  
The worm spread by targeting pages that used vulnerable versions of
the PHP Bulletin Board (phpBB) software, and used Google to locate
those pages.

After Google took measures to prevent the worm from executing Google
searches for the faulty bulletin board software, Santy variants are
making the rounds using AOL and Yahoo search, according to security
firms, and are still targeting Google as well.

"Perl.Santy.B is a worm written in Perl script that attempts to spread
to Web servers running versions of the phpBB 2.x bulletin board
software prior to 2.0.11," warned Symantec in a Dec. 26 bulletin. "It
uses AOL or Yahoo search to find potential new infection targets."

AOL, which uses Google for its underlying search technology, said on
Tuesday that its search engine should benefit from whatever protective
measures Google implemented.

"Google is only returning results associated with sites not vulnerable
to the exploit packed by Perl.Santy," said AOL spokesman Andrew
Weinstein. "So, as the issue has been handled by Google, we're able to
say that we're blocking requests of this type."

Yahoo, which dumped Google's search technology in February, could not
be reached for comment.

Several other variants are cropping up. Santy.c targets Google once
again. Kaspersky Labs today renamed Santy.d and Santy.e Spyki.a and
b., citing significant differences in the worms' structure from
earlier Santies. The security firm also said the new worms were using
the Brazilian Google for their exploits.

Security researches last week faulted Google for not responding more
swiftly to the emerging Santy threat.

The Santy worm and its variants affect only targeted bulletin board
sites and do not pose a threat to Web surfers who visit them.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Google worm targets AOL, Yahoo, InfoSec News <=
Previous by Date:  [ISN] Officials unseal piracy records, InfoSec News
Next by Date:  [ISN] Bush Needs To Ramp Up Cybersecurity In New Year, InfoSec News
Previous by Thread:  [ISN] Officials unseal piracy records, InfoSec News
Next by Thread:  [ISN] Bush Needs To Ramp Up Cybersecurity In New Year, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]