[Previous entry: "Google That Blog"] [Main Index] [Next entry: "Simple Path to Notebook Hard Drive Upgrade"]

Sprechen Sie Google?
by Dave Murphy

A new worm, named P2Load.A, is in the wild. Once infected, users of Google's search engine are redirected to a spoofed site in Germany that looks just like the powerhouse search engine's main page. Spoofed search results include new, top-of-list links to advertisers who are not a member of Google's desired advertiser list.

The worm affects computers by downloading a new HOSTS file. Because the worm downloads a new HOSTS file, rather than inserting directly as part of the infection process, the HOSTS file can be updated, again and again. The HOSTS file overrides the Internet's DNS (Domain Name Service) and redirects domains to artificial IP addresses.

Dave's Opinion
P2Load.A also modifies the start page and the search options of Internet Explorer The worm is spread through the P2P programs Shareaza and Imesh.

As always, I strongly recommend users to keep antivirus signatures updated every day. I use Computer Associates eTrust EZ Armor, that updates its antivirus data every hour, and it includes an excellent firewall application.

Call for Comments
What do you think? Leave your comments on the message center.

References
Panda Software P2Load.A Data
eTrust EZ Armor

09.18.05 @ 12:52 PM ET
author, 410.567.5366
Copyright © 2005 Damar Group, Ltd., All Rights Reserved