Santy Worm
Last night at 8:01pm (GMT8+), the LRM forum was exploited by the ‘Santy.A’ worm. The santy worm was using Google to search for forums using versions of phpBB 2.0.10 or below. When a suitable site was found, the worm used a remote exploit to gain access to the site, replaced all .htm .php .asp .shtm .jsp .phtm files with “This site is defaced. NeverEverNoSanity Webworm generation X” (X represents the generation of the worm), and then restarted scanning for new sites.
I was online when I happened and I it took about five minutes for the files to be changed. Luckily there was a daily back up, but there were a few files that were 0kb, mainly ones that had been updated over the last few days (including some from a re-design I was about to release). Thankfully I’m one of those people who never empty their recycle bin and most of it was still in there.
Apparently the worm is not spreading any more, thanks to Google’s quick response. Google started filtering the queries made by the worm, effectively stopping the spread of the worm. Even so, I’d advise you to take note internet. Upgrade any phpBB and check any other php based scripts now (I’ve noticed some top sites got exploited), before you see the ‘defaced’ file.
There’s a lot of sites that were exploited, but it’s hard to estimate just how many, the highest generation number is 22, and I can’t even remember what generation number I had. The first report of a sighting was 9:25 GMT on 20th of December.
Official home page of phpBB has yet to comment, but there are quite a few threads in their forum.
Nikita is a 30-something year old geeky girl that resides in Perth, Western Australia studies event management, works at events and runs EnjoyPerth. She is a self confessed high heel worshipper that suffers from multipletabitis. Kitta spends her spare time blogging sporadically, volunteering, gaming and likes taking photos of the contents of the universe.
Kitta.net 
Well I for one am delighted it’s back. It’s public knowledge that for me, Kitta.net IS the internet!
So when it is down, Loddy is also down…
I will stop doing the third person thing now and say BOOYAH!
Mwah Mwah Mwah! Oh it’s like coming home after the crusades!!
LikeLike
You had version 20. I nearly panicked when it happened. One second it was fine, the net it was “Argh! What did I do?”.
I found myself hoping Loddy would come online so he could call Candy who could call you. Luckily you were online anyway!
Good work with the fix!
PS… the automatic comment preview thingy, and the changing colour boxes… havent seen them before, and I like!
LikeLike
Metao, I was actually midway thru an email to Kitta about her site when she came online, so I nabbed her, but alas, in her infinite wisdom she already knew!
She’s so cheek pinchingly clever that girl! 🙂
LikeLike
Cheek pinchingly clever? I wouldn’t go that far. 😉
LikeLike
Dirty bastards!
3 cheers for Kitta!
hip hip hurray!
hip hip hurray!
hip hip hurray!
LikeLike
Stuff like that annoys me 😦 angry monkey
LikeLike
Airbag also got hit.
LikeLike
😦 mean wormies 😦
Merry Christmasmas!
LikeLike
hehe
who made the wormie?
who spreaded it?
could it be 1 of us writing on this comments????
Mhhhhhhh i just roar
LikeLike
you forgot one jelly
who cares…
LikeLike
Are you sure that TLRM didn’t strike again? This might be part of his ‘big plan’…
LikeLike
Rule Number One of the little red monkey forum: DO NOT TALK ABOUT THE LITTLE RED MONKEY
Rule Number two of the little red monkey forum: DO NOT TALK ABOUT THE LITTLE RED MONKEY
Rule Number three of the little red monkey forum: OBEY THE RULES
LikeLike
Merry Christmas Kitta 🙂
LikeLike
Merry Christmas Nikita, Hope you have a great day. Gotta love being one of the first countries to get xmas first 😉
LikeLike
MERRY XMAS!!!! =P
LikeLike
Hope you have a Merry Christmas and Happy New Year!
Got any NY Resolutions?
LikeLike