If you are running PHPBB on your site, now would be a really good time to ensure you have the latest fully patched versions of both the forum and PHP itself. The recently released Santy worm uses Google to find and target installed copies of the PHPBB forum that are at risk of recently disclosed PHP security flaws. If you see a site with the text “NeverEverNoSanity” on it (and not much else), then the chances are good that you are looking at a site hacked by the worm. Apparently around 40,000 sites have been affected so far.
Browsing an affected site will not cause any issues as the worm only infects the servers. You can read about the worm at F-secure If the full name is anything to go by, this worm was written in Perl sad to say, however it should indicate just how versatile and powerful Perl can be in the right (or wrong as in this case) hands.
INSERT! The day after this story was written, Google has removed Santy’s ability to search for vunerable systems to infect. That does not mean you don’t have to update your systems however, because a new variant could easily appear that bypasses Googles blocking mechanism.