According to security researchers at BitDefender a new Trojan has been discovered which hijacks text based Google adverts and replaces them with ads from a totally different provider. Trojan.Qhost.WU acts by modifying the infected computers' Hosts file to include a line which redirects the web browser from the expected .googlesyndication.com IP address to another which ensures that the browser gets its ads served from a completely different place instead of Google.
"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the Trojan takes away viewers and thus a possible money source from their websites.”
Google has acted to cancel customer accounts that display ads which redirect users to malicious sites or which violate Google software principles within advertising, but this Trojan would seem to criminalise victims twice: they get the double whammy of serving up potentially malicious adverts and face being booted off of Google as a result.
A Google spokesperson has stated that it works hard to detects and remove sites which serve malware in the ad network, adding “we have manual and automated processes in place to detect and enforce these policies."