Subscriptions | RSS Feeds | Discussions | Polls | Site Map




All Threats

Viruses

Hackers

Spam
Whole site    Viruses
  
Virus Encyclopedia
Riskware
Alerts
Analysis
News
Glossary
Weblog

 
Archive

<< 2010  
Jan Feb  
     
     
     
About Diary's Authors
About Diary's Authors

The Analyst's Diary is a weblog maintained by virus analysts from Kaspersky Lab headed by Eugene Kaspersky. Find out more about the authors of this weblog.
Securelist Polls
How would you prefer to pay for your antivirus solution?
Using a prepay card
Via your mobile (SMS)
Via the Internet using a debit\ credit card
Using cash\ credit\ debit in a shop
Using an e-payment system (e.g. PayPal)
Other
  View responses
 

  Home / Weblog

Analyst's Diary

New Santy also targets php vulnerabilities


  Roel       December 25, 2004 | 21:23  GMT

comments (1)  

We have detected a new Santy variant which also targets vulnerabilties in older versions of php.
This new variant is more advanced/dangerous in a number of ways:

-Uses yahoo next to google to search for vulnerable sites.
-Targets next to 'phpBB pre 2.0.11' sites, also sites that use an older version of php.
-New Santy variants try to install a Bot, giving the masters control.
-Most sites have got huge bandwidth, this would make a spam run or DDoS extremely effective - although this is a side effect.

We detect the latest Santy variant as Net-Worm.Perl.Santy.e, the installed bot as Backdoor.Perl.Shellbot.b.
There are also some other new Perl Backdoors.

We would like to urge everybody to make sure their php is up to date. (Next to phpBB of course).
If you aren't the hoster of your site, contact the hoster even though it's christmas, malware doesn't wait till next week.

 

Copyright © 1996 - 2010
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved
 

Email: webmaster@viruslist.com