there is this from f-secure with some detail of after effects. http://www.f-secure.com/v-descs/santy_a.shtml ----- Original Message ----- From: cw <nanog@fidei.co.uk> Date: Tuesday, December 21, 2004 3:47 pm Subject: Re: Sanity worm defaces websites using php bug

Does anyone have any more detail on exactly what this thing does after it gets into a system?

The cgi platform for a company I use has been hit and the effect is not just limited to phpBB, it seems to get into the server and then go through everything it can write to..

I lost a copy of UBB to this worm even though I don't rund phpBB off the same vhost.

Gonna be a nightmare for server ops to ensure that all client copies of phpBB are patched..