Google shuts off Santy worm

Google has responded to calls from antivirus companies to stop the advance of an internet worm that was using the search engine's technology to spread among online bulletin boards.

Antivirus companies say the Santy worm, which searches Google for sites that use a vulnerable version of the phpBB bulletin board software, is spreading quickly - it had already infected about 40,000 websites by Tuesday evening.

On Wednesday, a Google representative told silicon.com sister site ZDNet Australia that though Google users were not at risk from Santy, the search company had started blocking attempts by the worm to replicate.

"We are aware of an internet worm that exploits a vulnerability in third-party web servers that use PHP bulletin board software. While the worm does not put Google users at risk, we are working to help stop its propagation by blocking queries to Google that are generated by the worm," the representative said.

Google was prompted into action after antivirus companies, such as F-Secure, said it would be a "trivial" effort for Google to stop the spread of the worm because its methods of propagation were well-known.

Mikko Hypponen, research director of antivirus company F-Secure, said: "We've been trying to reach the right people at Google. They could stop this Santy outbreak right now simply by stopping responding to the queries the virus uses. This wouldn't hurt any end users and would in fact take a load off Google servers."

In August, a MyDoom variant used Google and other search engines to hunt for email addresses. The virus pumped so many queries into Google that the search engine was unavailable or very slow for large periods of time. The same variant of MyDoom also succeeded in knocking a number of smaller search engines - including Lycos and AltaVista - off the web completely.

Munir Kotadia writes for ZDNet Australia. CNET News.com's Robert Lemos contributed to this report.