Security firm PandaLabs says a worm that spoofs Google
is wending its way through the Internet via P2P networks.
Some downloaders hoping to snare free Star Wars games are unwittingly
finding themselves installing the worm, P2Load.A, that spreads on P2P
networks using the file-sharing programs Shareaza and Imesh, according to
The worm copies itself to the shared directory of these programs as an
executable file, according to the software security outfit. Once installed,
the software changes the computer’s browser so that users attempting to
reach Google’s search engine are directed to a spoofed Google page hosted on
a server in Germany.
Once there, search results returned include sponsored links created by the
author of this malware, generating increased traffic to these Web sites,
according to PandaLabs.
Because the worm modifies the HOSTS file by replacing it with a file
downloaded from a remote Web site, rather than with content included in the
worm’s own code, it could spoof other popular Web sites simply by changing
the content of the downloaded file, the security software firm said.
The worm can also use other phishing techniques against other Web sites.
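
A defender can check for the HOSTS-file redirection described above by auditing the file for entries that pin a watched domain to a fixed address. The following is an added example, not code from PandaLabs or the article; the watch list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains a defender chooses to watch; the article names only Google.
WATCHED = ("google.com",)

# Constructed sample of a tampered HOSTS file; 203.0.113.7 is a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # injected
203.0.113.7     WWW.Google.COM.
0.0.0.0         ads.example.net
not-an-ip       google.com
"""

def is_watched(host, watched=WATCHED):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, verdict) for every watched-domain entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address; skip
        # Loopback/unspecified targets block a site; anything else redirects it.
        verdict = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        for host in fields[1:]:
            if is_watched(host, watched):
                findings.append((line_no, str(ip), host.lower().rstrip("."), verdict))
    return findings

if __name__ == "__main__":
    for line_no, ip, host, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} {verdict} to {ip}")
```

On Windows the file to audit is normally %SystemRoot%\System32\drivers\etc\hosts; a clean file rarely has any reason to list a public search engine.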
According to a report released by Symantec’s Internet Security team today,
these attacks are increasingly performed for
Whereas during earlier stages of the Internet, security sabotage was
often performed for thrills, or a certain notoriety achieved with the attack,
now those seeking monetary rewards are flooding the Internet
with malicious software code.
The report said during the first half of 2005, the amount of malicious code
exposing confidential information was 74 percent of the top 50
malicious code samples reported to Symantec, up from 54 percent in the
previous six months.
It also reported that new viruses were targeting Microsoft Windows in greater
numbers, jumping 48 percent to nearly 11,000 compared to the previous six
months, as hackers used new tools and a growing sophistication to create
“As the financial rewards increase, attackers will likely develop more
sophisticated and stealthier malicious code that will be implemented in bot
features and bot networks, some of which could attempt to disable antivirus,
firewalls, and other security measures,” the report said.