Page 206 - DCAP408_WEB_PROGRAMMING
Web Programming
Caselet: Google Blocks Web Worm Santy.A
GOOGLE Inc has announced that it has blocked Santy.A, the Web worm which had identified
potential victims through its search and had spread among online bulletin boards using
a vulnerability in phpBB, an open-source software product managed by the phpBB Group.
The Santy worm is the first to use a popular search engine to propagate itself.
The worm apparently worked by sending Google a specific search request, asking for a
list of vulnerable sites. On obtaining a list, the worm spread to the sites in it by using a
PHP request designed to exploit the vulnerability of the phpBB bulletin board software.
On infecting a Web site, Santy searched Google for other sites running phpBB and tried to
infect those sites too. After Santy took over a site, it deleted all HTML, PHP, active server
pages (ASP), Java server pages (JSP), and secure HTML pages, and replaced them with the
text, “This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation
X.”
For X, the worm inserted a number representing its ‘generation’ - that is, how far it had
descended from the original worm release. According to one report, MSN searches had
suggested the existence of 24 generations of the worm.
Further, a phpBB component called viewtopic.php allowed malicious commands to be
passed to and executed on servers running a vulnerable version of the phpBB software.
The worm infected Web sites - but did not infect computers used to view those sites.
According to antivirus companies, Google has been successful in blocking the worm as
Santy.A does not have any native ability to scan for vulnerable computers.
They further point out that the worm is yet another instance of the practice known as
Google hacking, which uses the search major’s service as an attack tool.
As it happens, the numero uno of search is also one of the most popular search engines
among hackers who often use it to find vulnerable targets for an attack. For instance,
attackers, by searching for default server page titles, are able to find servers which can be
exploited easily. Applications left in default modes can also be found by searching for
error pages generated by the software. Searches on Google for specific file names can also
identify vulnerable servers hooked up to the Internet.
Ironically, it is the very features that have made Google the most popular search engine in
the world that make hackers use it. Most other search engines do not have the advanced
search option available on Google and do not cache old versions of Websites.
Security experts point to the spread of Santy to underline the need to keep on top of
software patches and “harden” the configuration of public-facing servers.
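As an added example (not part of the original caselet or of any vendor tool), the sweep below shows how a defender could triage a web root for pages overwritten with the defacement text quoted above and read off the worm's generation number. The file extensions chosen for the page types the caselet lists, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Defacement text quoted in the caselet; X is the worm's generation number.
MARKER = re.compile(
    rb"This site is defaced!!!.{0,200}?NeverEverNoSanity WebWorm generation\s+(\d+)",
    re.DOTALL,
)
# Assumed extensions for the page types the caselet lists
# (HTML, PHP, ASP, JSP, "secure HTML"); adjust for the server at hand.
TARGET_EXTS = {".html", ".htm", ".php", ".asp", ".jsp", ".shtml", ".shtm"}


def scan_webroot(root, max_bytes=4096):
    """Return {relative_path: generation} for files carrying the marker."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)  # replaced pages are short
            except OSError:
                continue  # unreadable file: skip, do not abort the sweep
            match = MARKER.search(head)
            if match:
                hits[os.path.relpath(path, root)] = int(match.group(1))
    return hits


def demo():
    """Scan a constructed web root: one defaced page, two untouched files."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "forum"))
        samples = {  # constructed sample content, not captured from a real site
            "index.html": b"<html><body>Welcome</body></html>",
            "forum/viewtopic.php": b"This site is defaced!!! This site is "
                                   b"defaced!!! NeverEverNoSanity WebWorm generation 7",
            "notes.txt": b"NeverEverNoSanity WebWorm generation 3",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return scan_webroot(root)
```

A hit list from such a sweep gives the set of pages to restore from backup once the vulnerable phpBB version has been patched.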
7.9 Summary
The Active Platform reflects Microsoft’s ideas about how a desktop computer and a server
computer should communicate. It consists of two parts: the Active Desktop, the client side,
and the Active Server, the server side.
The Active Server consists of pages called Active Server Pages that can be interpreted
by the server. Active Server Pages contain two parts: programmatic code and
embedded HTML.
LOVELY PROFESSIONAL UNIVERSITY