tesco
09-19-2005, 11:25 PM
A worm that modifies a user's HOSTS file to redirect visitors of Google.com to a spoof website has been discovered. The worm was found by Panda Labs and is currently circulating on P2P networks Shareaza and Imesh. It is masquerading as an executable of popular Star Wars game Knights Of The Old Republic 2.
If infected, several Google domain names will be redirected to an unofficial German version of the search engine. Although the site looks identical to the original, the results have been modified in such a way that certain companies will gain an unfair higher ranking, and therefore will appear at the top of search results.
Luis Corrons, director of Panda Labs said: "Its aims are to increase visits to the pages linked by the creator of this malware, or to earn an income from companies that want to appear in the first few results in computer where the identity of Google has been spoofed. In both cases, the motivation of the author of this malware is purely financial."
:source: Source: vnunet.com (http://www.vnunet.com/vnunet/news/2142442/worm-creates-fake-google-site)
If infected, several Google domain names will be redirected to an unofficial German version of the search engine. Although the site looks identical to the original, the results have been modified in such a way that certain companies will gain an unfair higher ranking, and therefore will appear at the top of search results.
Luis Corrons, director of Panda Labs said: "Its aims are to increase visits to the pages linked by the creator of this malware, or to earn an income from companies that want to appear in the first few results in computer where the identity of Google has been spoofed. In both cases, the motivation of the author of this malware is purely financial."
:source: Source: vnunet.com (http://www.vnunet.com/vnunet/news/2142442/worm-creates-fake-google-site)