Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » Perl/Santy.A

Overview

Threat Risk LOW LOW
Destructivity MEDIUM MEDIUM
Payload Overwrites HTML-pages and defaces web sites.
Detection files published
Description created 22 Dec 2004 02:16:00
Description updated 22 Dec 2004 02:16:00
Malware type WORM
Alias Exploit.Perl.Gog.A
WORM_SANTY.A
Net-Worm.Perl.Santy.a
PHP/Santy.A.worm
Spreading mechanism OTHER
Summary None

Perl/Santy.A

Spreading

The worm uses Google to search for web pages which contain phpBB-specific strings, and then uses the list returned as a list of possible targets to attack. If vulnerable, the worm can infect the remote servers.

Payload Details

Upon execution, the worm searches for *.HTM, *.PHP, *.ASP, *.SHTM, *.JSP and *.PHTM files and overwrites them with its own HTML-page.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15