New Worm Uses The Force

A security firm says a worm that spoofs Google is wending its way through the Internet via P2P networks.
Posted September 19, 2005
By

Tim Gray


Security firm PandaLabs says a worm that spoofs Google (Quote, Chart) is wending its way through the Internet via P2P networks.

Some downloaders hoping to snare free Star Wars games are unwittingly finding themselves installing the worm, P2Load.A, that spreads on P2P networks using the file-sharing programs Shareaza and Imesh, according to PandaLabs.

The worm copies itself to the shared directory of these programs as an executable file, according to the software security outfit. Once installed the software changes the computer's browser so that users attempting to reach Google's search engine are directed to a spoofed Google page hosted on a server in Germany.

Once there, search results returned include sponsored links created by the author of this malware, generating increased traffic to these Web sites, according to PandaLabs.

The worm could spoof other popular Web sites by simply changing the content of the downloaded file, because it modifies the HOSTS file by replacing it with a file downloaded from a remote Web site, instead of being included in the worm's code, the security software firm said.

The worm can also use other phishing techniques against other Web sites.

According to a report released by Symantec's Internet Security team today, these attacks are increasingly performed for financial gain.

Whereas during earlier stages of the Internet, security sabotage was often performed for thrills, or a certain notoriety achieved with the attack, now those seeking monetary rewards are flooding the Internet with malicious software code.

The report said during the first half of 2005, the amount of malicious code exposing confidential information was 74 percent of the top 50 malicious code samples reported to Symantec, up from 54 percent in the previous six months.

This article was first published on internetnews.com, a JupiterWeb site. To read the entire article, click here.






Comment and Contribute

 


(Maximum characters: 1200). You have characters left.