Sprechen Sie Google?

A new worm, named P2Load.A, is in the wild. Once infected, users of Google’s search engine are redirected to a spoofed site in Germany that looks just like the powerhouse search engine’s main page. Spoofed search results include new, top-of-list links to advertisers who are not a member of Google’s desired advertiser list.

The worm affects computers by downloading a new HOSTS file. Because the worm downloads a new HOSTS file, rather than inserting directly as part of the infection process, the HOSTS file can be updated, again and again. The HOSTS file overrides the Internet’s DNS (Domain Name Service) and redirects domains to artificial IP addresses.

Dave’s Opinion
P2Load.A also modifies the start page and the search options of Internet Explorer The worm is spread through the P2P programs Shareaza and Imesh.

As always, I strongly recommend users to keep antivirus signatures updated every day. I use Computer Associates eTrust EZ Armor, that updates its antivirus data every hour, and it includes an excellent firewall application.

Call for Comments
What do you think? Leave your comments below.

Panda Software P2Load.A Data
eTrust EZ Armor

About geeknews

Todd Cochrane is the Founder of Geek News Central and host of the Geek News Central Podcast. He is a Podcast Hall of Fame Inductee and was one of the very first podcasters in 2004. He wrote the first book on podcasting, and did many of the early Podcast Advertising deals in the podcasting space. He does two other podcasts in addition to Geek News Central. The New Media Show and Podcast Legends.

One thought on “Sprechen Sie Google?

  1. You know, this could be prevented if users locked down their hosts file. I use Spyware Blaster, and TweakNow PowerPack 2005, which lock it down for me.
    TweakNow PowerPack 2005 also backs up my hosts file, and even encrypts it with a SAM file, can’t beat that!

Comments are closed.