Re: New Santy-Worm attacks *all* PHP-skripts

["morning_wood" <se_cur_ity () hotmail com>]

> The relevant code:
> ---------
> $procura = 'inurl:*.php?*=' . $numr;
>
> for($n=0;$n<900;$n += 10){
> $sock = IO::Socket::INET->new(PeerAddr => "www.google.com.br", PeerPort =>
> 80, Proto => "tcp") or next;
> print $sock "GET /search?q=$procura&start=$n HTTP/1.0\n\n";
nothing new here...
unless... we try the L337 G00GLE HAX0R S34RCH STR!NGZ
http://www.google.com/search?q=inurl:*.php%3F*%3D&hl=en&lr=&newwindow=1&start=90&sa=N

BUT !!!  LIES !!! LIES I SAY !!!!
GOOGLE IS TELLING ME I AM INFECTED ( lmfao )

------------------- / SNIP /------------------
"and it appears that your computer or network has been infected"
-------------------/ SNIP /------------------

WRONG ANSWER WRONG EXPLAINATION WRONG JUST WRONG

We're sorry...
.. but we can't process your request right now. A computer virus or spyware
application is sending us automated requests, and it appears that your
computer or network has been infected.
We'll restore your access as quickly as possible, so try again soon. In the
meantime, you might want to run a virus checker or spyware remover to make
sure that your computer is free of viruses and other spurious software.
We apologize for the inconvenience, and hope we'll see you again on Google.




bleh,  now i need to find a new best friend... GOOGLE LIED :(
m.w
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html