A new version of the Santy worm appeared over the weekend, and according to analysis done by some security firms, poses a broader threat than its ancestors, which used Google to spot vulnerable Web bulletin boards, then defaced them.
Dec. 27, 2004 TechWeb - InformationWeek Dubbed Santy.e, the worm differs significantly from its predecessors, said Moscow-based Kaspersky Labs in an alert. Rather than target only those Web sites running phpBB, software for creating Internet forums using the PHP scripting language, the worm can exploit any site that's left allowed arbitrary file inclusion into PHP scripts. "This can only be prevented with decent, secure coding," said Kaspersky Labs. "Every site [that uses PHP] is potentially in danger." Kaspersky noted that it had already received reports of Websites attacked by infected systems, and that some servers have been compromised or dramatically slowed down as their loads climbed under constant probing.
The only easy day was yesterday.
...some do, some don't; some will, some won't (WR)