A new worm redirects users to a spoofed Google search
site that posts alternative sponsored links in the search results
to generate money for the worm’s author.
The P2Load.a worm has been reported by security software company
Panda Software, which said the spoofed site was hosted from
Germany.
Panda said the worm modified an infected PC’s Windows Hosts file
so all attempts to reach google.com are redirected to the spoofed
site.
Panda said that many of the search results shown on the spoofed
website were the same as the genuine Google, but often the
top-of-the-page and right-side sponsored links had been
changed.
Even mistyped entries such as “googel.com” are directed to the
spoofed version. Panda said the worm existed purely to make its
creator money and had no malicious designs on users’ operating
systems.
Sponsored links in search engine results are a rapidly growing
money earner for web portals, with Google the leading player in the
market.
Earlier this year, Google had to contend with malware that
redirected misspellings of its domain name to a site run by Russian
fraudsters.