It appears that a trojan, Trojan.Qhost.WU, causes an infected machine to redirect Google ad requests to a rogue server.
The infected machine has an altered 'hosts' file which redirects the page2.googlesyndication.com hostname to a third party hostname.
Article: http://news.yahoo.com/s/nm/20071219/wr_nm/google_advertisements_trojan_dc;_ylt=AnWWmSI8J_5NP40U2FqXLdwjtBAF
Bitdefender Trojan info: http://www.bitdefender.com/VIRUS-1000239-en--Trojan.Qhost.WU.html |
[Moved from "Antivirus firm says detects Google text ad Trojan" – Tony]
New threat reported by Yahoo! News etc. is spreading:
"Advertisements placed by Google in Web pages are being hijacked by so-called trojan software that replaces the intended text with ads from a different provider, Romanian antivirus company BitDefender says.
The trojan redirects queries meant to be sent to Google servers to a rogue server, which displays ads from a third party instead of ads from Google, BitDefender said in a statement."
Link: http://news.yahoo.com/s/nm/20071219/wr_nm/google_advertisements_trojan_dc
Anti-virus vendor BitDefender recognizes this Trojan horse as Trojan.Qhost.WU, listing the description document here: http://www.bitdefender.com/VIRUS-1000239-en--Trojan.Qhost.WU.html
The good news is that Google has canceled these malicious accounts.
It appears this is the week of Orkut, YouTube and AdSense related security vulnerabilities :( |
[Moved from "Antivirus firm says detects Google text ad Trojan" – Tony]
The one thing that has me scratching my head is with the whole 'Google has cancelled these malicious accounts' part. If I have an edited HOSTS file, how is Google going to know if my computer is redirecting all of the ad requests to a 3rd party site? |
Oops, and the week of Google Toolbar, Google Web Toolkit Benchmark Reporting System and Gmail vs. IE cache vulnerability too. |
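Added example, not part of any post in this thread and not BitDefender's tooling: a local check for the kind of altered hosts file described above, flagging entries that point a googlesyndication.com hostname at a routable address. The watched suffix list, the function names and the sample file contents are assumptions made for illustration.

```python
import ipaddress

# Hostname suffixes to audit. googlesyndication.com is the domain named in
# the thread; extend the tuple for other domains (assumption: suffix match).
WATCHED_SUFFIXES = ("googlesyndication.com",)

def parse_hosts(text):
    """Yield (lineno, address, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank line or address with no name
        addr, names = fields[0], fields[1:]
        for name in names:                       # one line may carry several aliases
            yield lineno, addr, name.lower().rstrip(".")

def is_blocking_address(addr):
    """True for loopback/unspecified addresses, as used by ad-blocking hosts files."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False                             # malformed address: report it
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return mappings that send a watched hostname to a non-blocking address."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        hit = any(name == s or name.endswith("." + s) for s in watched)
        if hit and not is_blocking_address(addr):
            findings.append((lineno, addr, name))
    return findings

# Constructed sample. 203.0.113.7 is a documentation address (RFC 5737),
# not an indicator from the thread; blocked.googlesyndication.com is made up.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# added by an ad blocker
0.0.0.0     ads.example.net
203.0.113.7 page2.googlesyndication.com   # planted entry
127.0.0.1   blocked.googlesyndication.com
"""

if __name__ == "__main__":
    for lineno, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

On a real machine, pass the contents of the system hosts file to audit_hosts(); any finding means lookups for that hostname never reach DNS.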