The system was found to be infected with the Perl.Santy worm. This is a worm
written in Perl that exploits an input validation problem in the PHP bulletin board
software (phpBB). An intruder can deface a phpBB website, execute arbitrary commands, or gain
administrative privileges on a compromised web server. All web servers running versions
of the phpBB 2.x bulletin board prior to 2.0.11 are vulnerable to this exploit.
This particular worm writes itself to a file named "m1ho2of" on the system.
It then overwrites all files ending with .htm, .php, .asp, .shtm, .jsp, and
.phtm, replacing them with the HTML content:
This site is defaced!!.
NeverNoSanity WebWorm generation X
It then propagates further by looking for more such systems, using Google as a search tool.
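
To confirm the infection and scope the damage on a web server, the indicators described above can be swept for directly. The following is an added example, not part of the original description: it walks a web root looking for the "m1ho2of" file and for files with the listed extensions whose content carries the defacement text. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the description above.
WORM_FILENAME = "m1ho2of"
TARGET_EXTENSIONS = (".htm", ".php", ".asp", ".shtm", ".jsp", ".phtm")
DEFACEMENT_MARKERS = (b"This site is defaced", b"NeverNoSanity WebWorm generation")


def scan_webroot(root):
    """Return (worm_copies, defaced_files) as sorted paths relative to root."""
    worm_copies, defaced = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name == WORM_FILENAME:
                worm_copies.append(rel)
                continue
            if not name.lower().endswith(TARGET_EXTENSIONS):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # the defacement page is short
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if all(marker in head for marker in DEFACEMENT_MARKERS):
                defaced.append(rel)
    return sorted(worm_copies), sorted(defaced)


def demo():
    """Build a constructed web root (sample data, not real) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "forum"))
        samples = {
            "index.htm": b"<html>This site is defaced!!!<br>NeverNoSanity WebWorm generation X</html>",
            "forum/viewtopic.php": b"<?php echo 'ok'; ?>",   # untouched file
            "forum/m1ho2of": b"#!/usr/bin/perl\n",            # stand-in for the worm copy
            "notes.txt": b"This site is defaced NeverNoSanity WebWorm generation",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return scan_webroot(root)


if __name__ == "__main__":
    print(demo())
```

Files reported as defaced have been overwritten and need to be restored from a known-good backup after phpBB is upgraded to 2.0.11 or later.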