BitDefender®, a global provider of award-winning antivirus software and data security solutions, announced today that BitDefender antivirus analysts have detected a new trojan, which hijacks Google text advertisements, replacing them with ads from a different provider. The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computers' Hosts file (a local storage for domain name / IP address mappings, which is consulted before domain name servers and is considered authoritative).
The modified file contains a line redirecting the host "page2.googlesyndication.com" which should point to an IP of the form 6x.xxx.xxx.xxx to a different address, of the form 9x.xxx.xxx.xxx, so that the infected machines' browsers read ads from server at the replacement address rather than from Google.
"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst. "Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites."
Users are advised to let BitDefender software delete the trojan. For further details on the ad-hijacking trojan, please visit BitDefender's Defense Portal site at: http://www.bitdefender.com/site/VirusInfo/realTimeReporting/.
"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst. "Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites."
Users are advised to let BitDefender software delete the trojan. For further details on the ad-hijacking trojan, please visit BitDefender's Defense Portal site at: http://www.bitdefender.com/site/VirusInfo/realTimeReporting/.
Google adsense bans websites and user accounts which redirect users to malicious sites or which violate Google software principles within advertising, so though this redirection may have come from this worm it is likely your account might get banned.
We are hoping to hear something from google adsense team about this.
