New Trojan Compromises Text Ads on Google, Delivers Malicious Ads

According to BitDefender, a security company in Romania, it has found a first-of-its-kind Trojan program that compromises Google text advertisements, putting adverts from another source in their place. The primary advantages of text adverts are that pages load more quickly with them, they are unobtrusive, and they blend with the remaining content, which is mainly textual.

BitDefender, which has identified the malware as Trojan.Qhost.WU, says that the Trojan changes the infected system's Hosts file, i.e., a local store of mappings between domain names and IP addresses. The advertisements are embedded by inserting HTML/JavaScript code that Google provides into web pages, which lets the webmaster present the ads. The code instructs the AdSense server belonging to Google to deliver the unexpected advertisements.

Trojan.Qhost.WU exploits the Hosts file to divert the initial request for the AdSense servers to a malware-laden host. The Hosts file is consulted in the first stage of translating a domain name into an Internet Protocol (IP) address, and if the file contains an entry for a domain name, no query for that domain name is made to the server. The Trojan registers an entry that points pagead2.googlesyndication.com at a fake server, so that ads are displayed from some other source instead of from Google.

This causes harm to both users and webmasters, declared Virus Analyst Attila-Mihaly Balazs at BitDefender. With users, it is more likely that the adverts and/or the connected sites might contain malware, which themselves are forwarded using malicious code. And with webmasters, viewers are taken away, and hence a possible source of money from their sites. Idm.net.au published Balazs' statement on December 19, 2007.

This, however, is not the first attack on Google AdSense. In January 2005, some malicious ads installed malware on visitors' PCs, to which Google immediately reacted by removing those ads.

BitDefender also published the Top Ten malware chart for 2007, in which it detected Netsky.P as the most long-lived and harmful mass mailer ever. The security firm signaled the introduction of politically-driven spam, which it thinks would grow dramatically as the presidential elections in the USA draw closer.

SPAMfighter News - 1/3/2008
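As an added example (not from BitDefender or the original article), the following Python sketch audits Hosts-file text for the kind of tampering described above: it flags any entry that maps the ad domain named in the article to a remote address. The sample file, its documentation-range addresses, the `.test` names and the severity labels are constructed assumptions.

```python
import ipaddress

# Domain named in the article; extend the set as needed (assumption).
WATCHED = {"pagead2.googlesyndication.com"}
# Names that normally appear in a Hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample; 203.0.113.0/24 and 192.0.2.0/24 are documentation ranges.
SAMPLE = """\
# constructed Hosts file
127.0.0.1     localhost
::1           localhost
203.0.113.10  pagead2.googlesyndication.com   # redirect of the kind described
0.0.0.0       ads.example.test
192.0.2.7     intranet.example.test Wiki.Example.Test.
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in Hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address: ignore the line
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (severity, line_no, hostname, ip) for every non-local mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            severity = "info"      # name is blackholed locally, not redirected
        elif name in watched:
            severity = "high"      # watched domain sent to a remote host
        else:
            severity = "review"    # any other override deserves a look
        findings.append((severity, line_no, name, str(ip)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of `SAMPLE`.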