Geek News: Latest Technology, Product Reviews, Gadgets and Tech Podcast News for Geeks

Sprechen Sie Google?

Posted by geeknews at 10:54 AM on September 18, 2005

A new worm, named P2Load.A, is in the wild. Once infected, users of Google’s search engine are redirected to a spoofed site in Germany that looks just like the powerhouse search engine’s main page. Spoofed search results include new, top-of-list links to advertisers who are not a member of Google’s desired advertiser list.


The worm affects computers by downloading a new HOSTS file. Because the worm downloads a new HOSTS file, rather than inserting directly as part of the infection process, the HOSTS file can be updated, again and again. The HOSTS file overrides the Internet’s DNS (Domain Name Service) and redirects domains to artificial IP addresses.

Dave’s Opinion
P2Load.A also modifies the start page and the search options of Internet Explorer The worm is spread through the P2P programs Shareaza and Imesh.

As always, I strongly recommend users to keep antivirus signatures updated every day. I use Computer Associates eTrust EZ Armor, that updates its antivirus data every hour, and it includes an excellent firewall application.

Call for Comments
What do you think? Leave your comments below.

References
Panda Software P2Load.A Data
eTrust EZ Armor

One Comment

  1. From Jeremy Emberling at 8:22 pm on September 18, 2005

    You know, this could be prevented if users locked down their hosts file. I use Spyware Blaster, and TweakNow PowerPack 2005, which lock it down for me.
    TweakNow PowerPack 2005 also backs up my hosts file, and even encrypts it with a SAM file, can’t beat that!