A new worm, named P2Load.A, is in the wild. Once a machine is infected, users of Google’s search engine are redirected to a spoofed site in Germany that looks just like the powerhouse search engine’s main page. Spoofed search results include new, top-of-list links to advertisers who are not members of Google’s desired advertiser list.
The worm affects computers by downloading a new HOSTS file. Because the file is downloaded rather than inserted directly as part of the infection process, it can be updated again and again. The HOSTS file is consulted before the Internet’s DNS (Domain Name System), so its entries override DNS and redirect domains to artificial IP addresses.
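An added example (not from the original post): a Python audit of HOSTS-format text that flags entries overriding DNS for real domains, which is the effect described above. The function names, the watched-domain list and the sample file are assumptions constructed for illustration; the sample addresses come from documentation and private ranges.

```python
import ipaddress

# Names that legitimately appear in a default HOSTS file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip_string, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        for name in fields[1:]:                   # one address may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def audit_hosts(text, watched=("google.com",)):   # watched list is an assumption
    """Return (line_no, hostname, ip, severity) for entries that override DNS.

    severity is "high" for a watched domain or one of its subdomains,
    "review" for any other non-local name pointed at a routable address,
    "malformed" when the address field does not parse.
    """
    findings = []
    for line_no, ip_s, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_s)
        except ValueError:
            findings.append((line_no, name, ip_s, "malformed"))
            continue
        if name in LOCAL_NAMES:
            continue
        # Loopback and 0.0.0.0 entries are sinkholes (ad blocking), not redirects.
        if ip.is_loopback or ip.is_unspecified:
            continue
        hit = any(name == d or name.endswith("." + d) for d in watched)
        findings.append((line_no, name, ip_s, "high" if hit else "review"))
    return findings

# Constructed sample input, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # sinkhole entry
203.0.113.10    www.google.com google.com
203.0.113.10    WWW.Google.DE
10.0.0.5        intranet.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. Because the worm can replace the file repeatedly, a check like this is more useful run on a schedule than once.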
P2Load.A also modifies the start page and the search options of Internet Explorer. The worm is spread through the P2P programs Shareaza and iMesh.
As always, I strongly recommend that users keep antivirus signatures updated every day. I use Computer Associates eTrust EZ Armor, which updates its antivirus data every hour and includes an excellent firewall application.