x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Santy.A

Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Santy.A
Technical name:PHP/Santy.A.worm
Threat level:Low
Type:Worm
Effects:  

It overwrites web pages with an ASP, HTM, JSP, PHP, PHTM and SHTM extension.

Affected platforms:

Unix; IIS; Linux

First detected on:Dec. 21, 2004
Detection updated on:Dec. 22, 2004
StatisticsNo

Brief Description 

    

Santy.A is a worm that affects servers running a version of the application phpBB prior to 2.0.11. phpBB is an open source program used to easily create bulletin boards, forums and newsgroups. It uses a vulnerability in one of the files belonging to phpBB in order to gain remote access to those servers.

The worm overwrites all the files with an ASP, HTM, PHP, PHTM and SHTM extension, which are web pages hosted in the server, and replaces them with a HTML code that displays a certain message. If any newsgroups or forums users attempt to access the web pages hosted in the server, they will be presented with that message.

Bear in mind that your computer cannot be affected by Santy.A unless a vulnerable version of phpBB is installed.

If your computer is running a version of phpBB prior to 2.0.11, please update it to this version or later.

Visible Symptoms 

    

Santy.A is easy to recognize once it has affected the computer, as it overwrites all the files with an ASP, HTM, PHP, PHTM and SHTM extension, and replaces them with the following message:

This site is defaced!!!

NeverEverNoSanity WebWorm generation X

where X are consecutive digits, depending on the number of servers it has affected.

Additionally, Santy.A also slows down or even blocks the affected server.