News
Tuesday 21st December 2004
Santy.A infects vulnerable versions of the phpBB bulletin board software. It uses Google to search for servers running the software, then sends a script that exploits a security hole in phpBB and gives the worm control of the software. It then scans the system and overwrites files ending with ASP, HTM, JSP, PHP, PHTM and SHTM, replacing them with files showing the text:
'This site is defaced!!! This site is defaced!!!. NeverEverNoSanity WebWorm generation.'
Once the infection is complete, Santy.A will run the Google query again looking for fresh victims.
Although Kaspersky rates the threat level as severe, end-users viewing infected message boards run no risk of their own systems being infected (unless they too have a web server running a vulnerable version of phpBB).
The company recommends upgrading the software to 2.0.11.
Note that our forums run phpBB, which was upgraded to 2.0.11 some time ago.
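For administrators checking a web root after the fact, the overwrite behaviour described above leaves a simple trace: files with the listed extensions that contain the defacement text. The Python scanner below is an added example, not part of the original article; its function names, the 64 KB read cap and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions and marker strings as quoted in the article above.
TARGET_EXTENSIONS = (".asp", ".htm", ".jsp", ".php", ".phtm", ".shtm")
MARKERS = (b"This site is defaced!!!", b"NeverEverNoSanity WebWorm generation")
MAX_READ = 64 * 1024  # assumption: a defacement page is small, so cap the read

def scan_webroot(root):
    """Return {relative_path: sha256} for targeted files containing a marker."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or not path.name.lower().endswith(TARGET_EXTENSIONS):
            continue
        try:
            with path.open("rb") as fh:
                data = fh.read(MAX_READ)
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        if any(marker in data for marker in MARKERS):
            rel = path.relative_to(root).as_posix()
            hits[rel] = hashlib.sha256(data).hexdigest()
    return hits

def identical_groups(hits):
    """Group hit paths by content hash; a mass overwrite shares one hash."""
    groups = {}
    for rel, digest in hits.items():
        groups.setdefault(digest, []).append(rel)
    return sorted(sorted(paths) for paths in groups.values() if len(paths) > 1)

def build_sample_tree(root):
    """Constructed sample web root: two overwritten files and two untouched."""
    defaced = b"This site is defaced!!! NeverEverNoSanity WebWorm generation."
    samples = {"index.php": defaced, "forum/VIEWTOPIC.PHP": defaced,
               "about.htm": b"<html>About us</html>", "notes.txt": defaced}
    for rel, content in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan_webroot(tmp)
        print("defaced:", sorted(found))
        print("identical:", identical_groups(found))
```

Files that are reported and also share a single hash should be restored from a known-good backup once the board has been upgraded.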


