December 21, 2024

A good writeup of the Santy worm is at F-secure. Since I was already attacked with a simple version of the explot, I luckily developed immunity to it. But, the site was getting a lot of unregistered users with a referer of lwp-trivial. After I added a block of lwp, the traffic went back down to normal. I have also installed the Log Highlight Requests mod to block and log those who try to use the highlight vulnerability.

Links:
Patch of highlight bug
Santy worm makes unwelcome visit – BBC
Source code of the Santy worm
How it uses Google to spread