New Worm Spoofs Google, Displays Different Ads
BILBAO, SPAIN – Internet security firm Panda Labs has identified a worm that redirects traffic to a spoof of Google: a site that imitates the function of Google but displays different search results and advertising links.
The “P2load.A” worm, which Panda characterizes as a medium-level threat, “modifies the start page and the search options of Internet Explorer and redirects the Google website to other that imitates it,” according to Panda’s online threat report. The report also states that the worm spreads through the peer-to-peer programs Shareaza and Imesh.
According to Panda’s report, P2load.A is “easy to recognize once it has affected the computer,” as it displays a message on the screen when it is run which says, in part, “File “vb2.dll is not current any longer!” and prompts the user to click “OK” to download a current version of the file. Once installed, it changes the Internet Explorer start page and begins redirecting the infected browser to the fake version of Google.
When infected users submit a Google search, the results displayed are similar to the results the same search would yield on Google, but the sponsored links are different and include sites and links defined by the author(s) of the worm.
“The creator of this worm has taken advantage of the importance of a company appearing among the first few links in the search results of an internet browser,” said Luis Corrons, director of Panda Labs. “Its aims are to increase visits to the pages linked by the creator of this malware, or to earn an income from companies that want to appear in the first few results in computers where the identity of Google has been spoofed. In both cases, the motivation of the author of this malware is purely financial.”
According to Panda’s report, the worm has spread most rapidly in Europe, specifically Germany, Spain, Poland and France. For more information on how to prevent and remove P2load.A, Panda’s report can be viewed in full at: pandasoftware.com.