New Worm Hijacks Google Requests
PandaLabs has announced the emergence of a new worm that spreads via peer-to-peer networks including Shareaza and iMesh and hijacks visits to Google.com, redirecting users to a spoofed page that inserts third-party advertising. The browser's start page is also modified to show ads.
Panda says the worm attempts to spread by copying itself using the name "Knights of the Old Republic 2," which refers to a Star Wars-related video game. When users run the file, an error message pops up and the computer is then infected with the worm dubbed P2Load.A.
P2Load.A is able to re-route users by editing the system's HOSTS file, which overrides actual DNS settings for a Web address. Although the current iteration of the worm only hijacks requests to Google.com along with 17 languages and variants, it could be used to spoof other sites as well.
"The creator of this worm has taken advantage of the importance of a company appearing among the first few links in the search results of an Internet browser," said Luis Corrons, director of PandaLabs, in a statement.
"Its aims are none other than to increase visits to the pages linked by the creator of this malware or earn an income from companies that want to appear in the first few results in computers where the identity of Google has been spoofed: in both cases, the motivation of the author of this malware is purely financial."
Panda says it contacted the ISP hosting the fake Google site and Google itself. The web page was shut down late Friday, reducing the potential damage caused by the worm. But Panda warns that variants pointing to other Web hosts are likely to crop up.
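Because variants may point to different hosts, a check for this kind of HOSTS-file redirection is better keyed on the hijacked domain than on any one address. The following is an added example, not code from PandaLabs or the article: the watched-domain pattern, function names and sample entries are assumptions, and the addresses are constructed from a documentation range.

```python
import re

# Assumption: the article names Google.com and unspecified regional variants,
# so this pattern for "google.<tld>" / "google.<sld>.<tld>" is illustrative.
WATCHED = re.compile(r"^(www\.)?google(\.[a-z]{2,3}){1,2}$", re.IGNORECASE)
# Addresses that loop back or block rather than redirect to another server.
BENIGN = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()  # spaces or tabs separate the columns
        if len(fields) < 2:
            continue  # malformed: an address with no hostname
        address, names = fields[0], fields[1:]
        for name in names:  # one line may list several aliases
            yield line_no, address, name.rstrip(".").lower()


def find_hijacks(text):
    """Return entries that pin a watched domain to a non-loopback address."""
    return [(n, addr, host) for n, addr, host in parse_hosts(text)
            if WATCHED.match(host) and addr not in BENIGN]


# Constructed sample; 203.0.113.0/24 is a documentation range (RFC 5737).
SAMPLE = """\
# sample hosts file (constructed)
127.0.0.1       localhost
203.0.113.66    www.google.com google.com   # redirect entry
203.0.113.66    www.google.co.uk
203.0.113.66\twww.google.es
0.0.0.0         ads.example.net
192.168.1.10    fileserver.corp.example
"""

if __name__ == "__main__":
    for n, addr, host in find_hijacks(SAMPLE):
        print(f"line {n}: {host} -> {addr}")
```

On Windows the file to feed into `find_hijacks` is `%SystemRoot%\System32\drivers\etc\hosts`; on Unix-like systems it is `/etc/hosts`.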