Reports spread quickly of the online worm, Santy.A, which targets web servers running phpBB, an opensource online forums software, developed and maintained by the phpBB Group.

The worm searches for sites with phpBB software via search engines, such as Google, Yahoo and MSN. It targets viewtopic.php file that allows the passing and execution of malicious commands on the server. The worm then defaces the site and replaces it with "This site is defaced!!! NeverEverNoSanity WebWorm."

The worm was first detected Tuesday, November 19th, by security firms and the updated version of the phpBB forums software was issued on November 18th,, a day before the announcement.

According to security firms, the worm was probably spreading silently for some time, but did not get caught until November.

Google, one of the brand names in search engines, announced its decision to block Internet keywords that may support the worm. In other words, Santy.A worm will not be able to use Google to search for vulnerable sites with vulnerable versions of phpBB forums software.

Security analysts stated that this is another variant of the worm that depicts the future spreading of viruses and worms by using search engines.

Santy.A will not deface all sites with vulnerable versions of phpBB, as it is not equipped to pass through all server configurations.

Google seemed to be the most popular search engine for Santy.A related "vulnerability scans" while Yahoo and MSN were far behind.