By Erika Morphy TechNewsWorld Part of the ECT News Network
12/20/07 2:29 PM PT
End users who click on seemingly legitimate Google ads may be at risk of infection by a Trojan that substitutes rogue ads for the real thing. Google and the companies that pay for genuine ads are also victimized, because the pretenders usurp traffic and potential revenue.
Malware is replacing Google (Nasdaq: GOOG) text ads with ads from another source, according to BitDefender. The virus, Trojan.Qhost.WU, is using the hosts file to redirect the initial query sent to the Google AdSense servers to a malicious host, according to an advisory issued by the firm.
The hosts file is the first step in the name/IP (Internet protocol) translation process; if an entry is located in this file, the domain name server is not queried. By supplying a false entry, the malware is able to redirect queries to a rogue server.
Who's at Risk
End users who click on the seemingly legitimate ads are at risk, as they likely carry additional malware. Google and the companies that pay for genuine ads are also victimized, because the pretenders usurp traffic and potential revenue.
To see if a computer has been infected with this virus, BitDefender advises users to check whether the hosts file, which provides local storage for domain name/IP mappings, contains a line redirecting the host pagead2.googlesyndication.com.
From the command line or from Start-->Run, issue the following command: ping -t pagead2.googlesyndication.com. The response should look similar to this, according to BitDefender: Pinging pagead.l.google.com [6x.xxx.xxx.xxx] with 32 bytes of data, where the x's represent digits.
"If you are not infected, the first digit will be a 6 (as in the example). If you are infected, the first digit will be a 9," said BitDefender.
Trojan.Qhost.WU is not spreading fast and poses a "medium" risk of damage, according to the advisory.
Not Unusual
While the target may be a little different, this particular Trojan is just another variation of typical phishing malware, Dmitri Alperovitch, principal research scientist with Secure Computing, told TechNewsWorld.
"We have been seeing attacks like this for the last two to three years, where the virus changes the internal setting to point the user to a different server," he said.
At their core, all of these hack attacks intercept a resolution from the browsers to the DNS (domain name system) server via a simple modification to the Windows system file, he explained. "No query is made to the real DNS server."
A more dangerous variant is the Zlob virus, which infects users by masquerading as a video compression algorithm necessary to view a particular video.
The malware that is subsequently downloaded replaces resolutions not for just one domain name, but for an entire configuration of DNS servers under the control of a malicious group.