Dec 19
BitDefender Detects New Trojan that Hijacks Google Text Advertisements
BUCHAREST, Romania – On Tuesday, Dec 18, BitDefender announced that BitDefender antivirus analysts have detected a new trojan, which hijacks Google text advertisements, replacing them with ads from a different provider.
The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computers’ Hosts file (a local storage for domain name / IP address mappings, which is consulted before domain name servers and is considered authoritative).
The modified file contains a line redirecting the host “page2.googlesyndication.com” which should point to an IP of the form 6x.xxx.xxx.xxx to a different address, of the form 9x.xxx.xxx.xxx, so that the infected machines’ browsers read ads from server at the replacement address rather than from Google.
“This is a serious situation that damages users and webmasters alike,” said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites.”
Users are advised to let BitDefender software delete the trojan. More info on the ad-hijacking trojan at BitDefender here and Real-time Virus Reporting here.