X
Business

Santy worm squished by Google

Google has responded to calls from antivirus firms to stop the spread of an Internet worm that was using the search engine's technology to spread among online bulletin boards.Antivirus firms say the Santy worm, which searches Google for sites using a vulnerable version of the phpBB bulletin board software, was spreading quickly and had already infected around 40,000 Web sites by Tuesday evening.
Written by Munir Kotadia, Contributor
Google has responded to calls from antivirus firms to stop the spread of an Internet worm that was using the search engine's technology to spread among online bulletin boards.

Antivirus firms say the Santy worm, which searches Google for sites using a vulnerable version of the phpBB bulletin board software, was spreading quickly and had already infected around 40,000 Web sites by Tuesday evening.

On Wednesday, a Google spokesperson told ZDNet Australia  that although Google users were not at risk from Santy, the search company had started blocking attempts by the worm to replicate.

"We are aware of an Internet worm that exploits a vulnerability in third-party Web servers that use PHP Bulletin Board software. While the worm does not put Google users at risk, we are working to help stop its propagation by blocking queries to Google that are generated by the worm," the spokesperson said.

Google was prompted into action after antivirus firms, such as F-Secure, said it would be "trivial" for Google to stop the spread of the worm because its methods of propagation were well known.

Mikko Hypponen, research director of antivirus firm F-Secure, said: "We've been trying to reach the right people at Google. They could stop this Santy outbreak right now simply by stopping responding to the queries the virus uses. This wouldn't hurt any end users and would in fact take load off from Google servers."

In August, a MyDoom variant used Google and other search engines to search for e-mail addresses. The virus pumped so many queries into Google that the search engine was unavailable or very slow for large periods of time. The same variant of MyDoom also succeeded in knocking a number of smaller search engines -- including Lycos and Altavista -- off the Web completely.

Robert Lemos contributed to this report

Editorial standards