A Trojan detected by BitDefender replaces texts ads from Google’s AdSense server, resulting in an obvious loss of revenue for Google but also posing threats to users from malicious links.
When a person visits a Web site, the browser checks the hosts file to see if it has an IP address for a particular domain name. If the hosts file is corrupted or hijacked, the browser can be directed to fetch a different Web page than the one the user intended to.
Named Trojan.Qhost.WU, the malware operates from the host computer, essentially putting site owners out of the loop. The potential losses in terms of ad views lost can be huge.
In the back drop of this attack comes information on how malware authors are contorting Web 2.0 features like RSS feeds to use legitimate services for illegitimate payload.
While BitDefender has already mentioned that it has a solution to detect the ad-replacing Trojans, the Web 2.0 security wars are just warming up.
New Trojan Hijacks Google Ads (CRN)
Trojan hijacks Google text ads (VNUnet)
New Trojan Software Swaps Google Ads For Malware (InformationWeek)