New Malware Redirects Google, MSN, And Yahoo Traffic

Security vendor Panda Software says it has detected new malicious adware, called PremiumSearch, that redirects attempts to reach Google, MSN, and Yahoo as a means to collect traffic-dependent advertising income.

"It takes you to one of these cheesy search pages," says Patrick Hinojosa, CTO of Panda Software. "Someone's [trying] to siphon traffic." The motivation, of course, is money. PremiumSearch installs a malicious BHO (Browser Helper Object) on the victim's computer. It also installs a fake "Google" toolbar and sets the victim's browser home page to the PremiumSearch search engine, regardless of the setting displayed in the browser. Finally, it conducts what amounts to local DNS poisoning—it rewrites the HOSTS file on the victim's computer. This maps domain names that include,, and to an IP address hosting spoofed versions of those search engines. New Malware Redirects Google, MSN, And Yahoo Traffic - Yahoo! News

Linked by shanmuga Saturday, 1st October 2005 6:22AM