Feeds

Ad hijacking Trojan targets Google

Misdirection ruse

Top 5 reasons to deploy VMware with Tegile

Security researchers have identified a Trojan that hijacks Google text advertisements, replacing them with "ads" from a different provider that are likely to be laced with spyware.

The Qhost-WU modifies an infected computer's hosts file, thereby poisoning systems with bogus DNS lookup records. The hosts file matches domain names of websites with corresponding IP addresses. By corrupting the file hackers can redirect surfers to domains controlled by hackers even when users visit a trusted location.

In this case, the modified file contains a line redirecting the host "page2.googlesyndication.com" from a server run by Google to an imposter, potentially depriving web masters of revenue while leaving infected punters in a pickle.

"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a virus analyst at Romanian security firm BitDefender. "Users are affected because the advertisements or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the Trojan takes away viewers and thus a possible money source from their websites."

Although damaging, the Qhost-WU Trojan hasn't spread particularly widely. BitDefender rates it as a medium risk pathogen.

Without commenting on Qhost-WU specifically, Google said it purges entries for sites containing malware from its search index. "We have cancelled customer accounts that display ads re-directing users to malicious sites or that advertise a product violating our software principles," the ad trafficking giant told Reuters. ®

Intelligent flash storage arrays

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.