A Web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday.

The Santy worm uses a flaw in the widely used community forum software known as the PHP Bulletin Board (phpBB) to spread, according to updated analyses. The worm searches Google for sites using a vulnerable version of the software, antivirus firm Kaspersky said in a statement.

Almost 40,000 sites may have already been infected. Using Microsoft's Search engine to scan for the phrase "NeverEverNoSanity"--part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits.

http://news.zdnet.com/2100-1009_22-5...ml?tag=nl.e589