PandaLabs has managed to close the web page that hosted one of the files of the P2Load.A worm, after contacting the Internet Service Provider hosting the file. One of the worm's main actions is to replace the hosts file on affected computers with a file downloaded from a website, which has now been shut down. As a result, the danger level of this worm has been significantly reduced.
Because the worm modifies the hosts file, users who try to access Google are redirected to a page that looks exactly the same as Google but is not controlled by the company and is hosted on a server in Germany. When users run a search, the results returned include sponsored links created by the author of this malware, generating increased traffic to these websites.
Because the worm replaces the original hosts file with one downloaded from a remote website, rather than carrying the content in its own code, it could spoof other popular websites simply by changing the content of the downloaded file, and could even use other phishing techniques against other websites.
“The host file is essential when browsing the Internet, and so the closure of this website is another step forward in protecting computers,” says Luis Corrons, director of PandaLabs. “Panda Software understands that protection should not stop at detecting malware, but must go more in-depth than the mere code: research should continue until the danger has been completely eradicated. That is why,” he adds, “we are in contact with organizations, entities and institutions worldwide, which, like PandaLabs, strive to make securing systems a complete and lasting process.”