Worm Redirects Google Searches To Look-Alike Site - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:39 PM

Worm Redirects Google Searches To Look-Alike Site

Once a PC is infected, all attempts to reach Google.com are sent to a copycat site in Germany, which redirects queries to paying partners.

A new worm modifies the infected PC so attempts to search using Google are directed to a spoofed site that looks like the real thing, but with different sponsored links to drive traffic to sites the hacker's designated, a security firm said Friday.

Panda Software's analysis of the P2Load.a worm showed that after compromising a PC, it modifies the Windows HOSTS file so all attempts to reach google.com -- and even mistyped addresses, such as "googel.com" -- are redirected to a site actually served from Germany.

"The page is an exact copy of Google and supports the 17 languages of Google," said Panda in a statement.

Searches run on the spoofed version of Google return results similar to the real Google, but in some cases, the sponsored links -- top-of-the-page and right-side links to e-commerce sites that have paid for the placement -- are different.

"The creator of this worm has taken advantage of the importance of a company appearing among the first few links in the search results of an Internet browser,” said Luis Corrons, director of PandaLabs, in a statement. “Its aims are none other than to increase visits to the pages linked by the creator of this malware or earn an income from companies that want to appear in the first few results in computer where the identity of Google has been spoofed…in both case, the motivation of the author of this malware is purely financial."

Because the new HOSTS file is downloaded from a Web site, not embedded in the worm's code as is the usual practice, Panda warned that P2Load.a, or similar threats, could spoof other popular sites by simply changing the content of the file downloaded.

Google has been targeted by hackers before. In March, for instance, a widespread DNS cache poisoning attack redirected traffic from Google and other popular URLs to hacker sites. In another case, phishers and spyware creators downloaded software, including bank account theft software, to PCs when their owners mistyped google.com and ended up at a malicious site hosted by servers in Russia.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Can Low Code Measure Up to Tomorrow's Programming Demands?
Joao-Pierre S. Ruth, Senior Writer,  11/16/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll