Users login

Create an account »


Users login

Home » Hacking News » Santy worm defaces thousands of sites

Santy worm defaces thousands of sites

by Nikola Strahija on December 27th, 2004 A worm which attacks web servers running the popular phpBB discussion forum software to deface vulnerable systems spread widely across the net today.

The Santy worm searches for vulnerable phpBB (v. < 2.0.11) forum sites using Google, and when a suitable target is found, Santy uses a remote exploit to gain access and deface it before resuming its scanning activity. Content on defaced sites is replaced by a message:

"This site is defaced!!! NeverEverNoSanity"

Apart from defacing infected sites with this text, the worm has no payload. It will not infect PC used to view infected sites. It is estimated there are more than one million sites which use the vulnerable phpBB software, of which tens of thousands have already been defaced. Users of phpBB are advised to update to version 2.0.11.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »