There seems to be a new work spreading about that is searching for sites still running vulnerable phpBB versions and then once found it attacks them via the highlight bug in viewtopic.php, it then patches the system to stop any of the other worms from compromising the system and and posts a message to a file called secure.php which contains the text:
"viewtopic.php secured by Anti-Santy-Worm V4 your site is a bit safer, but upgrade to >= 2.0.11"
I'm not sure if the patch that is applied actually works and if it can be trusted since I've not seen the changes made for myself and have not found anyone else that has confirmed it yet.
There has been reports of potential DOS caused by repeated requests made by this worm, so it's not all good.Post ID: 616, posted by jase at 02:24 AM
Thanks for signing in, . Now you can comment. (sign out)(If you haven't left a comment here before, you may need to be approved before your comment will appear.)