Welcome to the Virus Encyclopedia of Panda Security.
It overwrites web pages with an ASP, HTM, JSP, PHP, PHTM and SHTM extension.
|First detected on:||Dec. 21, 2004|
|Detection updated on:||Dec. 22, 2004|
Santy.A is a worm that affects servers running a version of the application phpBB prior to 2.0.11. phpBB is an open source program used to easily create bulletin boards, forums and newsgroups. It uses a vulnerability in one of the files belonging to phpBB in order to gain remote access to those servers.
The worm overwrites all the files with an ASP, HTM, PHP, PHTM and SHTM extension, which are web pages hosted in the server, and replaces them with a HTML code that displays a certain message. If any newsgroups or forums users attempt to access the web pages hosted in the server, they will be presented with that message.
Bear in mind that your computer cannot be affected by Santy.A unless a vulnerable version of phpBB is installed.
If your computer is running a version of phpBB prior to 2.0.11, please update it to this version or later.
Santy.A is easy to recognize once it has affected the computer, as it overwrites all the files with an ASP, HTM, PHP, PHTM and SHTM extension, and replaces them with the following message:
NeverEverNoSanity WebWorm generation X
where X are consecutive digits, depending on the number of servers it has affected.
Additionally, Santy.A also slows down or even blocks the affected server.