December 20, 2007 — (WEB HOST INDUSTRY REVIEW) — Romanian security provider BitDefender (bitdefender.com) has identified a Trojan horse program that swaps Google text advertisements on Web pages with those from an alternate source, preventing Google from receiving ad revenue as well as possibly causing problems for end users.
The search engine may be helpless in stopping the hack because it involves modifying an internal PC file called the hosts file, that is used to sync domain names of websites with IP addresses. When people visit a website, the browser views the hosts file to see if it has an IP address for a particular domain name. If the hosts file is corrupted or hijacked, the browser can be directed to call up a different Web page than the intended one.
In its advisory, BitDefender says this malware, which it named ‘Trojan.Qhost.WU’, directs a browser to download ads from a different server than Google’s ad server. The security provider says the Trojan is not spreading fast and is considered a “medium” risk of damage. It is unknown at the time how the Trojan is being circulated.
Besides signficant Google ad revenue loss, the replacement ads could potentially contain links to sites with malicious software, says BitDefender. Both Google and the Website owners who purchase ads through Google, can lose valuable Web traffic and revenue if people are directed away from its ads.
