NEWS FROM THE LAB - Tuesday, December 21, 2004

More on the new phpBB forum worm
Posted by Mikko @ 15:46 GMT

This worm is written in Perl. It searches for vulnerable forum sites via Google. When a suitable site is found, the worm uses a remote exploit to gain access to it, defaces it and restarts random scanning for new hosts.

There have been several serious holes in the phpBB software over the years. One was discussed in Netcraft just days ago.

We don't know how many phpBB sites there are in the world, but a Google search for inurl:phpbb inurl:viewtopic gives over a million hits...

The first defacement we heard about happened today at around 15:00 GMT.

The official home page of phpBB does not mention this incident yet.