Welcome to the Virus Encyclopedia of Panda Security.
It compromises servers running a vulnerable version of the application phpBB. It allows remote access to affected servers.
|First detected on:||Dec. 28, 2004|
|Detection updated on:||Dec. 28, 2004|
Spyki.A is a worm that affects servers running a version of the application phpBB prior to 2.0.11. phpBB is an open source program used to easily create bulletin boards, forums and newsgroups. It uses a vulnerability in one of the files belonging to phpBB in order to gain remote access to those servers; this vulnerability is known as Remote URLDecode Input Validation.
Once it has affected a server, the worm carries out several actions, in order to allow remote access to the affected server:
- It installs several programs, which can be controlled via IRC in order to automatically perform malicious actions (commonly known as bots).
- It opens TCP port 6667 and connects to an IRC server in order to receive remote control commands.
- It scans several ports, in order to check if they are open.
Bear in mind that your computer cannot be affected by Spyki.A unless a vulnerable version of phpBB is installed.
If your computer is running a version of phpBB prior to 2.0.11, please update it to this version or later.
Spyki.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, keep in mind that Spyki.A could slow down or even block the affected server.