PandaLabs has managed to close the web page that hosted one of the files of the P2Load.A worm, after contacting the Internet Service Provider hosting the file. One of the main actions of this worm is that it replaces the hosts file on affected computers with a file downloaded from a website, which has now been shut down. Now that this web page has been shut down, the danger level of this worm has been significantly reduced.
By modifying the hosts file, when the users try to access Google, they are redirected to a page that is exactly the same as Google, but not controlled by the company, which is hosted in a server in Germany. When users run a search, the results returned include sponsored links which have been created by the creator of this malware, generating increased traffic to these websites.
The fact that it modifies the HOSTS file by replacing the original with a file downloaded from a remote website instead of being included in the worm’s code means that it could spoof other popular websites by simply changing the content of the file downloaded and even use other phishing techniques against other websites.
“The host file is essential when browsing the Internet, and so the closure of this website is another step forward in protecting computers,” says Luis Corrons, director of PandaLabs. “Panda Software understands that protection should not stop at detecting malware, but must go more in-depth than the mere code: research should continue until the danger has been completely eradicated. That is why,” he adds, “we are in contact with organizations, entities and institutions worldwide, which like PandaLabs, strive to make securing systems a complete and lasting process”.
To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.pandasoftware.com/home/default.asp. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.
Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software’s website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.
For further information about these and other computer threats, visit Panda Software’s Encyclopedia.
Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients save. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPreventÃ¢â€ž? Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to Av.Test.org, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users (more info at www.pandasoftware.com/pandalabs.asp).