A new worm is doing the rounds offering a free Star Wars game and results in users been directed to a fake Google site.
The worm, called P2Load.A, is being spread on peer-to-peer networks, including Shareaza and Imesh, masquerading as a free version of Knights of the Old Republic II, said Forrest Clark, senior manager at anti-virus company Panda.
P2Load.A first started on Wednesday and is most widely spread in the US and Chile, Clark said.
When the software is installed, the worm makes changes to the computer's browser so that any user trying to access Google is instead presented with a Google look-alike page hosted on a server in Germany.
The page appears to be a working copy of the Google search engine that gives nearly identical search results. But the sponsored links are different, Clark said. "What they're doing is replacing all of the AdWords ads with fake ads, and they're selectively changing some of the search results," he said.
Even users who mistype the www.google.com address are redirected to the fake site, which also supports the same range of languages as Google.com. This redirection is achieved by modifying the hosts file in the infected computer's operating system, which is a kind of address book used to quickly connect the browser to websites.
By changing this file the worm's authors could spoof other popular Web sites, and possibly modify this attack for phishing, Clark warned.
The P2Load.A worm seems to have been written to make money for its authors by increasing the number of visitors directed to the sites listed in the phony sponsored links results, Clark said.
Users infected with the worm will notice one other side effect: their browser's start page will be modified to display what appears to be a shopping site. P2Load.A affects Windows computers running Firefox or Internet Explorer.
Find your next job with techworld jobs