Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Google advertisements hijacked by trojan

Share
Google text advertisements are being hijacked by a trojan that redirects users to pitches from another provider, according to researchers at BitDefender.

The trojan, called Qhost.WU by the Bucharest-based anti-virus provider, infects an affected PC's storage for domain names and IP address mappings, which is used before domain name servers are considered authoritative.

The infected file then redirects the page2.googlesyndication.com host to IP addresses if other servers so that an end-user could easily be confused by the replacement advertisements.

“This is a serious situation that damages users and webmasters alike,” said BitDefender analyst Attila-Mihaly Balazs. “Users are affected because the advertisements or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites.”

Cyberattackers last month hijacked thousands of Google search terms, leading end users to surprise malware installations. The operation included tens of thousands of pages created specifically to obtain high search-engine ranking.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.