Tech Time Warp

Twenty years ago, network administrators found themselves dealing with an unwelcome holiday visitor: not Santa, but Santy. Learn all about it in this edition of Tech Time Warp.

The Santy worm was malware written in the Perl language. It didn’t target PCs but rather online bulletin boards running the free phpBB software. Like MyDoom a few months prior, Santy spread via search engines, which meant Google faced almost immediate calls from cybersecurity experts to stop the worm in its tracks. Worms such as MyDoom and Santy that spread via search engines had the ability to slow down large search engines like Google and completely crash smaller search engines (remember Lycos and AltaVista?).

Santy worm defaces thousands of sites

Santy searched Google for bulletin board sites that contained the file viewtopic.php and thus a corresponding PHP vulnerability, then attacked those sites via SQL injection. The only payload was the overwriting of .htm, .php, .asp, .shtm, .jsp, and .phtm files with the words “This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation.”

Google did heed the requests of security firms and began blocking search requests for viewtopic.php, but by Dec. 21, 2004, nearly 40,000 sites had been defaced. (And Santy moved its search to AOL and Yahoo anyway.) The real solution came in the form of a software update that fixed the PHP vulnerability. This spawned a white hat worm called “Anti-Santy-Worm” that searched for defaced sites and then tried to install a patch.

Photo: bcreigh / Shutterstock


Posted by Kate Johanns

Kate Johanns is a communications professional and freelance writer with more than 13 years of experience in publishing and marketing.
