Talk With an Expert

What is Santy bringing you this year?

What is Santy bringing you this year? (PDF, 3.60MB)Published: 05 May, 2005
Created by
Pieter Danhieux
Pieter Danhieux

This paper was written to partially fulfill the requirements for the GIAC Certified Incident Handler certification. It is about the Santy worm found in the wild around December 21st, 2004. This early and evil 'Santa Claus' present caused some serious havoc for administrators of phpBB bulletin board software around Christmas 2004 defacing almost 40 thousand phpBB sites in a short period. It is one of the first worms that efficiently use search engines such as Google1 to find their potential targets. Therefore an analysis of the techniques used and a description of the incident handling process seemed useful to me. I hope it is useful to the security community as well.

Meet the expert

Pieter Danhieux
Pieter Danhieux

Pieter Danhieux

Principal Instructor

Pieter Danhieux is Co-founder and Chief Architect of the Secure Code Warriorplatform (http://www.securecodewarrior.com), a gamified environment where developers and security testers can learn how to properly identifyand fix security weaknesses in software.

Read more about Pieter Danhieux