Virus writers have developed a worm that spoofs the behaviour of internet search engine Google, varying the results displayed to suit the requirements of hackers.


P2Load-A modifies the HOSTS file on infected PCs by replacing the original with a file downloaded from a remote website under the control of hackers. When users run a search, the results are normally shown correctly - but sponsored links are different. For some searches, other links appear which have been specified by the creator of this malware, resulting in increased traffic to these websites.

Even users who mistype the www.google.com address are redirected to the fake site, which also supports the same range of languages as Google.com. This redirection is achieved by modifying the hosts file in the infected computer's operating system, which is a kind of address book used to quickly connect the browser to websites.

The worm spreads across file trading networks, targeting users of the Shareaza and Imesh P2P programs. P2Load-A copies itself to the shared directory of these programs as an executable file called Knights of the Old Republic 2, a reference to a well-known computer game related to the Star Wars saga. If this file is run, it displays an error message informing the user that a file does not exist and offering to download it. Meanwhile, unknown to its user, their Windows PC will have become infected.

Users infected with the worm will notice one other side effect: their browser's start page will be modified to display what appears to be a shopping site. P2Load.A affects Windows computers running Firefox or Internet Explorer.

Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original Hosts file.