Spyki
Spyki
Type Web worm
Creator The Atrix Team
Date Discovered 2004.12.27
Place of Origin Brazil
Source Language Perl
Platform Perl
File Type(s)
Infection Length
Reported Costs

Spyki is a web worm that affects PHP software. It is very similar to Santy. This worm uses Google, Yahoo and AOL search to find victims.
Table of Contents

Behavior

Spyki searches for webservers using vulnerable versions of phpBB software (before version 2.0.11) using Google, Yahoo and AOL. It exploits a vulnerability in a phpBB file to gain access to the server.

The worm can send information remotely through 64 ports. It opens port 6667 to connect to an IRC server to listen for commands. The worm's code contains the string "Atrix Team".

Variants

Spyki was at first considered a variant of Santy, an earlier Perl worm. Some variants of Santy were renamed to Spyki after significant differences were found.

Sources

Esecurity Planet, Spyki-A Worm Targets phpBB. 2004.12.29

ISS.net, PHP include worm infects search engine-listed sites (HTTP_Spyki_PhpInclude_Worm).

Vsantivirus, Perl/Spyki.A. Infecta sitios que utilizan scripts PHP. 2004.12.28

Александр Гостев. SecureList Blog, Net-Worm.Perl.Spyki. 2004.12.27

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License