Santy-A Worm Raises Fears Over New Trend

The rampaging Santy-A worm should be slowing down now that Google has

taken its legs out from under it. But the worm, which shows off the first

automated Google hacking, has security analysts bracing for a whole new

trend.

”Santy-A uses Google to find vulnerable Web applications or password

files,” says Mike Murray, director of vulnerability and exposure

research at nCircle Proactive Network Security, a vulnerability

management company based in San Francisco. ”It logs in to Google and

does a search.”

And Murray says the Santy worm most likely will be only the first of its

kind.

”I think we will see Google hacking become more prevalent,” adds

Murray. ”Every search engine has the same problem. It’s not jut Google.

Their job is to present information in a useful way. This is what they

do. Hackers are just going to take advantage of that. It’s an extension

of the information gathering principle.”

Santy-A was first detected in the wild on Tuesday, Dec. 21.

Google has deactivated queries that the worm needs to propagate,

according to John Bambenek, a handler with the SANS Institute’s Storm

Center. In a posting on the Storm Center’s Web site, Bambenek adds,

”This is only a temporary fix, I would imagine, as I’m sure other

queries can be crafted and the same exploit code used to relaunch this

worm. Time will tell.”

Murray notes that this kind of attack puts Google, and other search

engines, in a difficult situation.

”This is a tough place for Google to be in,” he says. ”They provide

information and this exploits that fact. Google then has to figure out

what information is bad and what information is good. That puts them in a

tough spot. In the large scale scope of things, it will be very difficult

for them to combat this going forward. How do they know the intent of

searches?”

According to Sophos, Inc., an anti-virus and anti-spam company with a

U.S. base in Lynnfield, Mass., the Santy-A worm exploits a vulnerability

in a piece of software often used to provide discussion forums and

bulletin boards on the web — phpBB. The worm uses the Google search

engine to try and find vulnerable bulletin boards on the web.

The Santy worm, which is written in Perl, spreads to vulnerable phpBB

bulletin boards on both Windows-based and Unix-based platforms. Once the

worm has spread to three or more servers it will attempt to overwrite all

HTM, PHP, ASP, SHTM, JSP and PHTM files with a Web page containing the

following message: This site is defaced!!! NeverEverNoSanity WebWorm

generation.

”The good news is that this worm only affects Web servers, not users who

visit any of these bulletin boards,” says Graham Cluley, senior

technology consultant for Sophos, in a Web posting. ”There have been

serious security vulnerabilities found in the phpBB software in the past

— and this incident underlines the importance of all people keeping

up-to-date with the latest security patches and fixes.”

Cluley says Sophos analysts believe the Dec. 21 release of Santy-A was

specifically designed to coincide with the Christmas holiday… and the

fact that a lot of IT personnel will be off from work.

”Can it really be coincidence that a worm which attacks Web bulletin

boards is released just as many companies and organizations which run

such messageboards are shutting down for Christmas?” asks Cluley. ”Many

Webmasters will be going home early for the holidays. And it’s likely

this worm will have a greater impact simply because the people who need

to be at their desks to fix the problem, are relaxing in front of the

fire.”

Sophos advises Webmasters who run the phpBB software to upgrade to the

most recent version of the software as soon as possible. Version 2.0.11

of phpBB is believed not to be vulnerable to the worm’s method of attack.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020