A new worm, named P2Load.A, is in the wild. Once infected, users of Google's search engine are redirected to a spoofed site in Germany that looks just like the powerhouse search engine's main page. Spoofed search results include new, top-of-list links to advertisers who are not a member of Google's desired advertiser list.
The worm affects computers by downloading a new HOSTS file. Because the worm downloads a new HOSTS file, rather than inserting directly as part of the infection process, the HOSTS file can be updated, again and again. The HOSTS file overrides the Internet's DNS (Domain Name Service) and redirects domains to artificial IP addresses.
Dave's Opinion
P2Load.A also modifies the start page and the search options of Internet Explorer The worm is spread through the P2P programs Shareaza and Imesh.
As always, I strongly recommend users to keep antivirus signatures updated every day. I use Computer Associates eTrust EZ Armor, that updates its antivirus data every hour, and it includes an excellent firewall application.
Call for Comments
What do you think? Leave your comments below.
References
Panda Software P2Load.A Data
eTrust EZ Armor
Comments (1)
You know, this could be prevented if users locked down their hosts file. I use Spyware Blaster, and TweakNow PowerPack 2005, which lock it down for me.
TweakNow PowerPack 2005 also backs up my hosts file, and even encrypts it with a SAM file, can't beat that!
Posted by Jeremy Emberling![[TypeKey Profile Page]](http://www.geeknewscentral.com/nav-commenters.gif)
|
September 18, 2005 8:22 PM
Posted on September 18, 2005 20:22