One of my customers was hit with this worm yesterday. It is very quick to act (struct again after restoring from backup, before patching was possible) and brutal (replaces all html, php pages). I'm just glad that mod_basedir and PHP suexec are running. So my question is... is there an easy way to find all installations of phpBB2 (including those not done with Fantastico), and their versions? Does anyone have a script to detect and/or upgrade these? Thanks.