The spyware NSearch alters results from any Internet search engine, reports Panda Software

PandaLabs has detected a example of spyware, NSearch, designed to alter the results returned by any Internet search engine. Computers are infected when the user visits certain -in the main ‘dubious’- websites able to exploit software vulnerabilities, allowing NSearch to install itself automatically on systems. This malware creates a file called sp.exe which is then run and goes memory resident.

NSearch’s code includes a long list of terms. When a user enters any of these terms in a search engine, the spyware alters the results page, highlighting the search word in bold and including a link to another search engine called ntsearch. The creator of NSearch probably receives a sum of money every time a user clicks on one of these links and visits this search engine. So, as with the majority of examples of this type of malware, the motives behind this spyware specimen would appear to be solely financial.

According to Luis Corrons, director of PandaLabs: “A spyware attack -such as that of NSearch- is far more complex than, say, an email worm. Spyware can use a wide range of components to achieve its mission: installing files that execute and go memory resident, BHO (Browser Helper Objects), manipulated toolbars. For this reason, to remove spyware properly from a computer, it is not enough to simply delete the file containing it, but also neutralize all other malicious action that could have affected the computer. For example, our Platinum Internet Security 2005 suite is, according to a comparative review in PCWorld USA1, the most effective on the market when it comes to removing not just spyware, but also its collateral effects. It was able to remove false toolbars and all BHOs. The comparative also showed our suite to be the most effective in removing Windows registry entries made by spyware programs or terminating processes that they run in memory.

To reduce the chance of spyware attacks, Panda Software advises users to avoid dubious websites and to install a security suite that includes technologies capable of effectively combating spyware.

For further information about these and other computer threats, visit Panda Software’s Encyclopedia.

About PandaLabs
Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients save. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPreventâ„? Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users (more info at

Don't miss