Santy.A virus
- erikbarrett
- Posts:496
- Joined:Wed Oct 15, 2003 3:51 pm
- Location:Ohio, USA
Apparently, there's a new virus going around. It's known as <i>Santy.A</i>, and it infects forum servers. While nobody is sure how it infects, there are people currently studying the virus.<br><br>Relevant articles:<br><br><a href='http://www.internetnews.com/security/ar ... hp/3450711' target='_blank'>http://www.internetnews.com/security/ar ... </a><br><a href='http://www.f-secure.com/v-descs/santy_a.shtml' target='_blank'>http://www.f-secure.com/v-descs/santy_a.shtml</a><br><a href='http://securityresponse.symantec.com/av ... santy.html' target='_blank'>http://securityresponse.symantec.com/av ... ty.html</a>
Still mostly here.
<!--QuoteBegin-erikbarrett+Dec 21 2004, 10:47 PM--> <table border='0' align='center' width='95%' ><tr><td class='quotetop'><b>Quote:</b> (erikbarrett @ Dec 21 2004, 10:47 PM)</td></tr><tr><td class='quotebody'> Apparently, there's a new virus going around. It's known as <i>Santy.A</i>, and it infects forum servers. While nobody is sure how it infects, there are people currently studying the virus.<br><br>Relevant articles:<br><br><a href='http://www.internetnews.com/security/ar ... hp/3450711' target='_blank'>http://www.internetnews.com/security/ar ... </a><br><a href='http://www.f-secure.com/v-descs/santy_a.shtml' target='_blank'>http://www.f-secure.com/v-descs/santy_a.shtml</a><br><a href='http://securityresponse.symantec.com/av ... santy.html' target='_blank'>http://securityresponse.symantec.com/av ... ty.html</a> <!--QuoteEnd--></td></tr></table> <!--QuoteEEnd--><br>Here is the link to the phpBB official statement on the exploit used by the virus. It is in the PHP standard, not the bulletin board software itself.<br><a href='http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046' target='_blank'>phpBB official statement</a><br><br>The major vulnerability is in PHP versions previous to 4.3.10 in the routines used by the software.<br><br>The other possible vulnerability is one in phpBB versions previous to 2.0.11, quite a bit smaller hole, that is hard to exploit unless you use a default template. This is not mentioned in the release, but is a likely issue, as it does allow many exploits. 
The vulnerability is listed alesere These exploits are also easily user exploitable by a standard web browser to gain administrator access, which is a much more real threat than a virus, as an actual user is far more intelligent than your typical "crawler worm virus" like this one.<br><br>Now do you get my point?!<br><br>It took me roughly 2 minutes to find that info, thus the solution proposed in those news articles is a bogus bandaid that will literally do nothing but cause a more vicious variant to come out in a few days. It took me longer to write this post than to find the info for it.<br><br>Bandaiding an unrelated program being used by an exploit will not fix the problem, it will only postpone it. UPDATE YOUR SOFTWARE.
- Burning Sheep Productions
- Posts:4175
- Joined:Fri Oct 31, 2003 8:56 am
- Location:Australia
I don't mean to derail this thread, but...<br><br>You have to admit, Sanity would be rather devastating in this forum. We'd all have to do without padded walls. And that's just painful. I mean, we'd have to start having <i>serious</i> conversations. And there's no fun in that.
<i>Hold the newsreader's nose squarely, waiter, or friendly milk will countermand my trousers.</i>
<!--QuoteBegin-GhostWay+Dec 22 2004, 04:54 PM--> <table border='0' align='center' width='95%' ><tr><td class='quotetop'><b>Quote:</b> (GhostWay @ Dec 22 2004, 04:54 PM)</td></tr><tr><td class='quotebody'> Well, I'm blind. Or dyslexic. This happens to me a fair amount on the inert net. <!--QuoteEnd--> </td></tr></table> <!--QuoteEEnd--><br> Sanity is the name of one of the primary exploits it uses. It's a confusion tactic used by virus writers.<br><br>Additionally, the software used on this forum is likely immune to this virus, although they better upgrade their PHP version in case similar viruses come out that attack a broader spectrum of boards. I'll gather the info tomorrow and post all known exploits on the server software used by this forum in a private message to FoxChild so he can relay it to the other administrators. I'll give a summarized and less specific report, as to if there are any known vulnerabilities, and how to look out for people using them, and quick workarounds for an IE 6+ setup, and/or Firefox setup to prevent any issues utilizing clients and/or attacking clients until any and all holes are patched. They're mostly recommendations Microsoft omits that people should do on all sites that they don't have 100% trust in the content of. Firefox does this automatically unless you explicitly override.<br><br>Virus writers are a breed of amateurish black hats, and are usually very inexperienced. They are usually trained in Unix or Windows, but improperly so if in Unix, which is why they likely would do such a dastardly deed for attention. They tend to not have the intellect to realize that they will lose all control of their creation once it gets in the wild, or the knowledge to realize that their coding style, and/or bragging will trace the virus right back to them, and they will be promptly arrested.<br><br>I wouldn't bother with such amateurs unless I was hired to do so, or given a hefty bounty offer. 
I usually spend my hacking time tracking spammers. You usually end up running in circles from all the red herrings, but it's fun, and develops your skillz in working with publicly available information, a truly important skill that is often neglected.<br><br>BTW, if the admins want I can pull all the info they would ever want to know about this site. It would be a cool demonstration to do for you guys. They would also get to know what Black-Hat hackers can easily find out about their setup, without setting off any bells or whistles and what they can do to prevent attacks from these hackers.<br><br><br>
<!--QuoteBegin-GhostWay+Dec 22 2004, 04:27 PM--> <table border='0' align='center' width='95%' ><tr><td class='quotetop'><b>Quote:</b> (GhostWay @ Dec 22 2004, 04:27 PM)</td></tr><tr><td class='quotebody'> I don't mean to derail this thread, but...<br><br>You have to admit, Sanity would be rather devastating in this forum. We'd all have to do without padded walls. And that's just painful. I mean, we'd have to start having <i>serious</i> conversations. And there's no fun in that. <!--QuoteEnd--> </td></tr></table> <!--QuoteEEnd--><br> The people that don't know what they're doing can be the most destructive. Haven't you realized that yet?<br><br>People with a clear strong intellect know exactly how to deal with it, and when not doing something is a good idea. However, those with only high intelligence and destructive intent can create major problems.<br><br>Like I said, if a REAL genius did this virus, it would be a LOT worse. My main concern is if these are just a few "warning shots" and the real virus will be the 3rd or 4th variant. Some person with too much brain power and too little discipline wrote this virus up in a matter of days, roughly 3 by my estimate, if he got the info for it where I think he did. He actually quickly wrote a second revision of the virus within 24 hours. The Santy.A you are hearing about is the second revision of the Santy virus.<br><br>I was wondering if it had to do with a massacre in Mexico a few years back on the date of the virus release. Some idiot probably thought it would be a good political statement, needless to say the attack was accused of being to squelch free speech and the virus attacks public forums. However, it was the most recent easily programmable exploit of great replication capability available 3 days prior.