December 21, 2004 5:36 PM PST

Google squashes Santy worm

Google has responded to calls from antivirus companies to stop the advance of an Internet worm that was using the search engine's technology to spread among online bulletin boards.

Antivirus companies say the Santy worm, which searches Google for sites that use a vulnerable version of the phpBB bulletin board software, was spreading quickly and had already infected about 40,000 Web sites by Tuesday evening.

On Wednesday, a Google representative told ZDNet Australia that though Google users were not at risk from Santy, the search company had started blocking attempts by the worm to replicate.

"We are aware of an Internet worm that exploits a vulnerability in third-party Web servers that use PHP bulletin board software. While the worm does not put Google users at risk, we are working to help stop its propagation by blocking queries to Google that are generated by the worm," the representative said.

Google was prompted into action after antivirus companies, such as F-Secure, said it would be a "trivial" effort for Google to stop the spread of the worm because its methods of propagation were well-known.

"We've been trying to reach the right people at Google," said Mikko Hypponen, research director of antivirus company F-Secure. "They could stop this Santy outbreak right now simply by stopping responding to the queries the virus uses. This wouldn't hurt any end users and would in fact take a load off Google servers."

In August, a MyDoom variant used Google and other search engines to hunt for e-mail addresses. The virus pumped so many queries into Google that the search engine was unavailable or very slow for large periods of time. The same variant of MyDoom also succeeded in knocking a number of smaller search engines--including Lycos and AltaVista--off the Web completely.

Munir Kotadia of ZDNet Australia reported from Sydney. CNET News.com's Robert Lemos contributed to this report.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.