Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Possible apache2/php 4.3.9 worm
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 22 Dec 2004 10:53:28 -0800

Below are some examples of what an actual Santy search request would
look like:


http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22topic%3D27516%22&btnG=Search

http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22t%3D2580%22&btnG=Search

http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22p%3D6653%22&btnG=Search

If Google were to block this particular pattern of search request it
would stop the spread of the worm for now.

looks like they did...
------------ / snip / ----------------

Google Error

We're sorry...
.. but we can't process your request right now. A computer virus or spyware
application is sending us automated requests, and it appears that your
computer or network has been infected.
We'll restore your access as quickly as possible, so try again soon. In the
meantime, you might want to run a virus checker or spyware remover to make
sure that your computer is free of viruses and other spurious software.
We apologize for the inconvenience, and hope we'll see you again on Google.

------------ / snip / ------------------

cheers,

m.w
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]