Sanity worm defaces websites using php bug

Gadi Evron ge at linuxbox.org
Tue Dec 21 21:26:27 UTC 2004


cw wrote:
> Does anyone have any more detail on exactly what this thing does after 
> it gets into a system?

Check *any* AV web site.

> The cgi platform for a company I use has been hit and the effect is 
> not just limited to phpBB, it seems to get into the server and then go 
> through everything it can write to..

Naturally. This can teach you a few lessons, ranging from, but not 
limited to:
1. Using packages that have a higher rate of disclosed vulnerabilities 
than....
2. Using packages that demand certain privileges.
3. Not limiting privileges.
4. Not patching.

> I lost a copy of UBB to this worm even though I don't run phpBB off 
> the same vhost.
> 
> Gonna be a nightmare for server ops to ensure that all client copies 
> of phpBB are patched..

It shouldn't be a nightmare for people to do proper patching, especially 
when it is not a client application at all (I got what you meant..).

A few months ago I heard and later made a joke about creating a random 
program that will build fake PHP application advisories and email them 
to bugtraq daily. That's pretty much what it looks like today, as it is.

This worm is finite, it won't last virtually forever like some other 
worms. I haven't looked at it yet, but my bet would be most of its harm 
is overhead of wasted traffic.

	Gadi.


