Fandom

Malware Wiki

Spyki

1,335pages on
this wiki
Add New Page
Comments0 Share


Spyki is a web-worm very similar to the Santy family.

Note: All code beyond here was imported from Spyki on the VirusInfo Wiki due to inactivity and chance of vandalism. No one could be contacted for permission. The Malware Wiki community does not take any credit for the following text, with no exceptions. Note left by Godzilla Gamer (talk) 13:10, July 13, 2014 (UTC). Remove this note if more First Party info is added!

Original Editors

See History

Behavior

Spyki searches for webservers using vulnerable versions of phpBB software (before version 2.0.11) using Google, Yahoo and AOL. It exploits a vulnerability in a phpBB file to gain access to the server.

The worm can send information remotely through 64 ports. It opens port 6667 to connect to an IRC server to listen for commands. The worm's code contains the string "Atrix Team".

Variants

Spyki was at first considered a variant of Santy, an earlier Perl worm. Some variants of Santy were renamed to Spyki after significant differences were found.

Sources

Esecurity Planet, Spyki-A Worm Targets phpBB. 2004.12.29

ISS.net, PHP include worm infects search engine-listed sites (HTTP_Spyki_PhpInclude_Worm).

Vsantivirus, Perl/Spyki.A. Infecta sitios que utilizan scripts PHP. 2004.12.28

Александр Гостев. SecureList Blog, Net-Worm.Perl.Spyki. 2004.12.27

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.