Welcome to the Virus Encyclopedia of Panda Security.
Santy.B compromises servers running a vulnerable version of the application phpBB. It creates a backdoor and connects to IRC servers. It also deletes certain files on the affected computer.
First detected on: Dec. 25, 2004
Detection updated on: Dec. 27, 2004
Santy.B is a worm that affects servers running a version of the application phpBB prior to 2.0.11. phpBB is an open source program used to easily create bulletin boards, forums and newsgroups. The worm exploits a vulnerability in one of the files belonging to phpBB in order to gain remote access to those servers; this vulnerability is known as Remote URLDecode Input Validation.
Once it has affected a server, the worm attempts to obtain several malicious scripts, which would enable it to install a backdoor on the affected server and connect to IRC servers.
Additionally, Santy.B deletes all files named SSH (with any extension) and all files whose name begins with BOT.
Bear in mind that your computer cannot be affected by Santy.B unless a vulnerable version of phpBB is installed.
If your computer is running a version of phpBB prior to 2.0.11, please update it to version 2.0.11 or later.
Santy.B is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, keep in mind that Santy.B could slow down or even block the affected server.