Full Disclosure mailing list archives
Re: Re: Possible apache2/php 4.3.9 worm
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 22 Dec 2004 10:53:28 -0800
Below are some examples of what an actual Santy search request would look like:
http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22topic%3D27516%22&btnG=Search
http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22t%3D2580%22&btnG=Search
http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=allinurl%3A+%22viewtopic.php%22+%22p%3D6653%22&btnG=Search
If Google were to block this particular pattern of search request it would stop the spread of the worm for now.
looks like they did... ------------ / snip / ---------------- Google Error We're sorry... .. but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected. We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software. We apologize for the inconvenience, and hope we'll see you again on Google. ------------ / snip / ------------------ cheers, m.w _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Possible apache2/php 4.3.9 worm, (continued)
- Re: Possible apache2/php 4.3.9 worm Brendan Dolan-Gavitt (Dec 21)
- Re: Possible apache2/php 4.3.9 worm DanB UK (Dec 22)
- Re: Possible apache2/php 4.3.9 worm Barrie Dempster (Dec 22)
- Re: Possible apache2/php 4.3.9 worm dk (Dec 22)
- Re: Possible apache2/php 4.3.9 worm DanB UK (Dec 23)
- Re: Possible apache2/php 4.3.9 worm dk (Dec 27)
- Re: Possible apache2/php 4.3.9 worm milw0rm Inc. (Dec 22)
- Re: Re: Possible apache2/php 4.3.9 worm morning_wood (Dec 22)
- RE: Re: Possible apache2/php 4.3.9 worm Patrick Nolan (Dec 22)
- Re: Re: Possible apache2/php 4.3.9 worm Max Valdez (Dec 23)