Overview
Within 24 hours of its release by X_Spec on 20 December 2004, a large number of websites (estimated by some at 30,000 to 40,000) were attacked by Santy. The worm holds a record of spreading worldwide within 3 hours of its release. The worm caused writable files (of formats such as .php and .html) on the infected server to display the message "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X", where X is a number representing the generation of the worm.
There have been variants of the worm, some that use alternative search engines after Google blocked queries from the Santy worm, and an anti-Santy anti-worm that attempts to patch vulnerable installations.
The phpBB Group had released a patch for the vulnerability a month before the attacks, in phpBB 2.0.11.
You can still find defaced websites by the Santy Worm. Use caution though when searching, some are infected with viruses. For those interested, search "this site has been defaced" on Google.
Read more about this topic: Santy