Internet search engine Google is being spoofed in a malware attack that directs users to a pretend Google on a hacker-controlled website based in Germany. By modifying the HOSTS file on infected PCs, the P2Load-A worm sets it up so that when users do a search, the results are shown correctly by are in fact from the modified search engine page, which mixes in links which have been specified by the creator of this malware.
"Its [P2Load's] aims are none other than to increase visits to the pages linked by the creator of this malware or earn an income from companies that want to appear in the first few results in computer where the identity of Google has been spoofed," said Luis Corrons, director of PandaLabs. "In both cases, the motivation of the author of this malware is purely financial."
The worm has been spreading through P2P networks, such as Shareaza and Imesh. It copies itself to the shared directory of these programs as an executable file called Knights of the Old Republic 2.