Ad-hijacking Trojan Cuts into Google Revenues Tuesday 18 December 2007 PDF Print BitDefender antivirus analysts detected a new trojan, which hijacks Google text advertisements, replacing them with ads from a different provider. The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computers' Hosts file (a local storage for domain name / IP address mappings, which is consulted before domain name servers and is considered authoritative). The modified file contains a line redirecting the host "page2.googlesyndication.com" which should point to an IP of the form 6x.xxx.xxx.xxx to a different address, of the form 9x.xxx.xxx.xxx, so that the infected machines' browsers read ads from server at the replacement address rather than from Google. "This damages both users (because the advertisements and/or the linked sites may contain malicious code - a very likely situation, given that they are promoted using malware in the first place) and webmasters (because it takes away viewers and thus a possible money source from their websites)" declared virus analyst Attila-Mihaly Balazs for BitDefender. Users are advised to let BitDefender software delete the trojan. ------------------------------screenshots attached, link to tech description is http://www.bitdefender.com/site/VirusInfo/showVirusInfo/1589 ENDS Issued by MJO Associates for BitDefender UK. Contact for screenshots, Mike Ottewell: tel: 01538 361217 email firstname.lastname@example.org This press release was distributed by ResponseSource Press Release Wire on behalf of MJO Associates in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.