Responding to calls from antivirus firms, Google has taken steps to stop the spread of an Internet worm called Santy worm.
The santy worm was first spotted early Tuesday morning and was using Google’s search engine technology to spread among online bulletin boards. Several antivirus firms, such as F-Secure, had called Google to take action to stop the Internet worm that was using the search engine's technology to spread among online bulletin boards which had infected around 40,000 websites.
The modus oprandi of the Santy worm is it searches Google for sites using a vulnerable version of the phpBB bulletin board software; once Santy infects servers running the phpBB software, it scans directories on the infected site and overwrites files with the extensions HTM, PHP, ASP, SHTM, JSP, and PHTM with the text "This site is defaced!!! This site is defaced!!! NeverEverNosanty WebWorm generation".
The worm also launches a search on the Google search engine for URLs that use a special string, viewtopic.php, which is common to bulletin boards written using the phpBB software.
However, Google representative said that though Google users were not at risk from Santy, nonetheless the search company had started blocking attempts by the worm to replicate.
In August, a MyDoom variant used Google and other search engines to hunt for e-mail addresses. The virus forced so many queries into Google that the search engine was unavailable or very slow for large periods of time. The same variant of MyDoom also succeeded in knocking a number of smaller search engines, including Lycos and AltaVista off the websites completely.
