Perl.Santy is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11, which are vulnerable to the PHPBB Viewtopic.PHP PHP Script Injection Vulnerability (
BID 10701). Other systems are not affected. If successful, the worm copies itself to the server and overwrites the files with the following extensions:
- .asp
- .htm
- .jsp
- .php
- .phtm
- .shtm
The worm uses the Google search engine to find potential new infection targets. Google has now implemented blocking Perl.Santy search requests, which is expected to greatly reduce the worm's ability to propagate and lower the risk of further infections.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
