Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Possible apache2/php 4.3.9 worm

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 22 Dec 2004 10:53:28 -0800
Below are some examples of what an actual Santy search request would
look like:



http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22topic%3D27516%22&btnG=Search



http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22t%3D2580%22&btnG=Search



http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22p%3D6653%22&btnG=Search


If Google were to block this particular pattern of search request it
would stop the spread of the worm for now.


looks like they did...
------------ / snip / ----------------

Google Error

We're sorry...
.. but we can't process your request right now. A computer virus or spyware
application is sending us automated requests, and it appears that your
computer or network has been infected.
We'll restore your access as quickly as possible, so try again soon. In the
meantime, you might want to run a virus checker or spyware remover to make
sure that your computer is free of viruses and other spurious software.
We apologize for the inconvenience, and hope we'll see you again on Google.

------------ / snip / ------------------

cheers,

m.w
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: