Days after Google acted to thwart the Santy worm, security firms warned that variants have begun to spread using both Google and other search engines.
The Santy problem originally flared up a week ago as bulletin board Web sites found their pages erased and defaced by the worm's own text. The worm spread by targeting pages that used vulnerable versions of the PHP Bulletin Board (phpBB) software, and used Google to locate those pages.
After Google took measures to prevent the worm from executing Google searches for the faulty bulletin board software, Santy variants are making the rounds using AOL and Yahoo search, according to security firms, and are still targeting Google as well.
"Perl.Santy.B is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11," warned Symantec in a Dec. 26 bulletin. "It uses AOL or Yahoo search to find potential new infection targets."
AOL, which uses Google for its underlying search technology, said on Tuesday that its search engine should benefit from whatever protective measures Google implemented.
"Google is only returning results associated with sites not vulnerable to the exploit packed by Perl.Santy," said AOL spokesman Andrew Weinstein. "So, as the issue has been handled by Google, we're able to say that we're blocking requests of this type."
Yahoo, which dumped Google's search technology in February, could not be reached for comment.
Several other variants are cropping up. Santy.c targets Google once again. Kaspersky Labs today renamed Santy.d and Santy.e Spyki.a and b., citing significant differences in the worms' structure from earlier Santies. The security firm also said the new worms were using the Brazilian Google for their exploits.
Security researches last week faulted Google for not responding more swiftly to the emerging Santy threat.
The Santy worm and its variants affect only targeted bulletin board sites and do not pose a threat to Web surfers who visit them.
Source: CNET News