Santy


Santy is a computer worm created in Perl to exploit a vulnerability in phpBB software which used Google to spread across the Internet.

Overview

Within 24 hours of its release on 20 December 2004, about 30,000 to 40,000 websites were attacked by Santy. The worm holds a record of spreading worldwide within three hours of its release. It caused writable files on the infected servers to display the message "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X", where X is a number representing the generation of the worm.
There have been variants of the worm, some that use alternative search engines after Google blocked queries from the Santy worm, and an anti-Santy anti-worm that attempts to patch vulnerable installations.
The phpBB Group had released a patch for the vulnerability a month before the attacks, in phpBB 2.0.11.