October 3, 2005 - (HOSTSEARCH) - A new malicious code that attacks popular Internet search engines has been identified by PandaLabs. The code, identified as Adware/PremiumSearch, mimics the actions of a worm detected last month that alters Google search sponsored links. The infection seems to originate from visits to a certain web site with pages that contain illegal software versions or pornography.
Adware/PremiumSearch attacks vulnerabilities in spyware. It installs a Browser Helper Object (BHO) on a computer and then installs an imitation of a 'Google' toolbar which modifies HOSTS files. Users believe their computers have been infected by a number of viruses and will have to pay to disinfect them. "These actions are financially motivated and aim to exploit the popularity of these search engines to increase visits to the pages with the altered results," explains Luis Corrons, director of PandaLabs. "To avoid this kind of attack, it is vital that users have reliable antivirus protection and keep their systems up-to-date, as the vulnerabilities used have often been in existence for some time."
