[76722] in North American Network Operators' Group
Re: Sanity worm defaces websites using php bug
daemon@ATHENA.MIT.EDU (sgorman1@gmu.edu)
Tue Dec 21 16:02:17 2004
Date: Tue, 21 Dec 2004 16:01:30 -0500
From: sgorman1@gmu.edu
To: cw <nanog@fidei.co.uk>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
there is this from f-secure with some detail of after effects.
http://www.f-secure.com/v-descs/santy_a.shtml
----- Original Message -----
From: cw <nanog@fidei.co.uk>
Date: Tuesday, December 21, 2004 3:47 pm
Subject: Re: Sanity worm defaces websites using php bug
>
> Does anyone have any more detail on exactly what this thing does
> after
> it gets into a system?
>
> The cgi platform for a company I use has been hit and the effect
> is
> not just limited to phpBB, it seems to get into the server and
> then go
> through everything it can write to..
>
> I lost a copy of UBB to this worm even though I don't rund phpBB
> off
> the same vhost.
>
> Gonna be a nightmare for server ops to ensure that all client
> copies
> of phpBB are patched..
>
>
