Google-Spoofing Worm
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
Robert McMillan,
Downloaders looking for a free Star Wars game may instead find themselves installing a new worm that gives them dodgy Google search results.
The worm, called P2Load.A, is being spread on P-to-P (peer-to-peer) programs like Shareaza and Imesh, masquerading as a free version of the Lucasfilm game Knights of the Old Republic II, says Forrest Clark, senior manager of consumer product marketing with antivirus vendor Panda Software.
P2Load.A first began spreading on Wednesday and is most widely spread in the United States and Chile, Clark says.
When the software is installed, it makes changes to the computer's browser so that any user trying to access Google's search engine is instead presented with a Google look-alike page, hosted on a server in Germany.
The page appears to be a working copy of the Google search engine that gives nearly identical search results. But the sponsored links are different, Clark says. "What they're doing is replacing all of the AdWords ads with fake ads, and they're selectively changing some of the search results," he explains.
Even users who mistype the www.google.com address are redirected to the fake site, which also supports the same range of languages as Google.com. This redirection is achieved by modifying the hosts file in the infected computer's operating system, which is a kind of address book used to quickly connect the browser to Web sites.
By changing this file, the worm's authors could spoof other popular Web sites and possibly modify this attack for phishing, Clark says.
Money Maker
The P2Load.A worm seems to have been written to make money for its authors by increasing the number of visitors directed to the sites listed in the phony sponsored links results, Clark says.
Users infected with the worm will notice one other side effect: Their browser's start page will be modified to display what appears to be a shopping site.
P2Load.A affects Windows computers running either the Firefox or the Internet Explorer browsers, according to Panda.
Article submitted by: Webshark
Last Update: 11-02-2005
Category: Security
Downloaders looking for a free Star Wars game may instead find themselves installing a new worm that gives them dodgy Google search results.
The worm, called P2Load.A, is being spread on P-to-P (peer-to-peer) programs like Shareaza and Imesh, masquerading as a free version of the Lucasfilm game Knights of the Old Republic II, says Forrest Clark, senior manager of consumer product marketing with antivirus vendor Panda Software.
P2Load.A first began spreading on Wednesday and is most widely spread in the United States and Chile, Clark says.
When the software is installed, it makes changes to the computer's browser so that any user trying to access Google's search engine is instead presented with a Google look-alike page, hosted on a server in Germany.
The page appears to be a working copy of the Google search engine that gives nearly identical search results. But the sponsored links are different, Clark says. "What they're doing is replacing all of the AdWords ads with fake ads, and they're selectively changing some of the search results," he explains.
Even users who mistype the www.google.com address are redirected to the fake site, which also supports the same range of languages as Google.com. This redirection is achieved by modifying the hosts file in the infected computer's operating system, which is a kind of address book used to quickly connect the browser to Web sites.
By changing this file, the worm's authors could spoof other popular Web sites and possibly modify this attack for phishing, Clark says.
Money Maker
The P2Load.A worm seems to have been written to make money for its authors by increasing the number of visitors directed to the sites listed in the phony sponsored links results, Clark says.
Users infected with the worm will notice one other side effect: Their browser's start page will be modified to display what appears to be a shopping site.
P2Load.A affects Windows computers running either the Firefox or the Internet Explorer browsers, according to Panda.
Article submitted by: Webshark
Last Update: 11-02-2005
Category: Security
Current rating: 5.46 by 30 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(9,413 reads) 07-05-2008
· Fusion Security(15,104 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,860 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,334 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,830 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,592 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,616 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,342 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,181 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,568 reads) 10-01-2006
· ipBan Modification
Please register or sign-in to post comments.