RealTime IT News

New Worm Uses The Force

Security firm PandaLabs says a worm that spoofs Google is wending its way through the Internet via P2P networks.

Some downloaders hoping to snare free Star Wars games are unwittingly finding themselves installing the worm, P2Load.A, that spreads on P2P networks using the file-sharing programs Shareaza and Imesh, according to PandaLabs.

The worm copies itself to the shared directory of these programs as an executable file, according to the software security outfit. Once installed the software changes the computer's browser so that users attempting to reach Google's search engine are directed to a spoofed Google page hosted on a server in Germany.

Once there, search results returned include sponsored links created by the author of this malware, generating increased traffic to these Web sites, according to PandaLabs.

The worm could spoof other popular Web sites by simply changing the content of the downloaded file, because it modifies the HOSTS file by replacing it with a file downloaded from a remote Web site, instead of being included in the worm's code, the security software firm said.

The worm can also use other phishing techniques against other Web sites.

According to a report released by Symantec's Internet Security team today, these attacks are increasingly performed for financial gain.

Whereas during earlier stages of the Internet, security sabotage was often performed for thrills, or a certain notoriety achieved with the attack, now those seeking monetary rewards are flooding the Internet with malicious software code.

The report said during the first half of 2005, the amount of malicious code exposing confidential information was 74 percent of the top 50 malicious code samples reported to Symantec, up from 54 percent in the previous six months.

It also reported that new viruses were targeting Microsoft Windows in greater numbers, jumping 48 percent to nearly 11,000 compared to the previous six months, as hackers used new tools and a growing sophistication to create malicious code.

"As the financial rewards increase, attackers will likely develop more sophisticated and stealthier malicious code that will be implemented in bot features and bot networks, some of which could attempt to disable antivirus, firewalls, and other security measures," the report said.