The Santy worm, which searches Google for sites running software written in PHP containing a security hole that Santy exploits, is being tackled by Google
. They have started blocking attempts by the worm to replicate. The worm, which searches Google for sites that use a vulnerable version of the phpBB bulletin board software, has already infected some 40,000 Web sites.
"We are aware of an Internet worm that exploits vulnerability in third-party Web servers that use PHP bulletin board software. While the worm does not put Google users at risk, we are working to help stop its propagation by blocking queries to Google that are generated by the worm."
Google responded to the threat when antivirus companies such as F-Secure said that it would be a "trivial" effort for Google to stop the spread of the worm. Apparently, this is because the worm uses very well known methods of propagation.
"We've been trying to reach the right people at Google. They could stop this Santy outbreak right now simply by stopping responding to the queries the virus uses. This wouldn't hurt any end users and would in fact take a load off Google servers."
- Mikko Hypponen, research director of antivirus company F-Secure.