A new Internet worm uses P2P networks to infect Google users. Once installed, the worm redirects requests to a spoofed Google search site that uses sponsored links to generate money for the worm’s author.
The worm called P2Load.A uses popular names (such as games, movies etc.) to propagate through P2P networks. Once downloaded the worm copies itself to the shared directory as an executable and modifies the entries of the HOSTS file to redirect user’s attempts to reach Google to a spoofed site hosted in Germany.
According to security vendors, such worms are designed to financial gain only and the authors do not have malicious intentions.
“The creator of this worm has taken advantage of the importance of a company appearing among the first few links in the search results of an Internet browser,” said Luis Corrons, director of Panda Labs. “The motivation of the author of this malware is purely financial.”