According to Romanian security company BitDefender, Google is facing a new threat in the form of Trojan-like malware that replaces text advertisements on Web pages with ads from a different source, taking a good bite out of Google’s revenue and most likely also causing problems for Webmasters.
The software, which BitDefender calls Trojan.Qhost.WU, alters the infected computer’s hosts file, which is responsible for matching the domain names of Web sites with their IP addresses. As a result, the browser is redirected to a new Web address instead of the one that displayed Google’s AdWords.
BitDefender representatives highlighted the potential danger of the substituted advertisements, which could contain links to malicious sites. Furthermore, both the Web site owners who buy ads through Google and Google itself stand to lose Web traffic as well as the revenue those ads represent.
However, the security company rated the risk of this Trojan as medium. Google cannot be of great help to those who download the malware, but BitDefender does a great job of both detecting and removing it.
On this issue Google came forward on Wednesday, saying that "We have canceled customer accounts that display ads re-directing users to malicious sites or that advertise a product violating our software principles" […] "We actively work to detect and remove sites that serve malware in both our ad network and in our search results."
For those concerned with the safety of their systems, the easiest way to find out for yourself is to check the hosts file, which is at c:\windows\system32\drivers\etc\hosts, for an entry that replaces ‘localhost’ with an actual IP, one that would be redirecting to another source and not Google’s AdWords.
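The hosts-file check described above can be scripted. The following is an added example, not code from BitDefender or from the original article: it parses a hosts file and lists every entry that maps a name to something other than a loopback or 0.0.0.0 address. The sample file contents, the example.com/example.net/example.org names, the 203.0.113.45 address and the `watch_suffixes` parameter are constructed placeholders, since the article does not list the entries the Trojan writes.

```python
import ipaddress
import os

HOSTS_PATH = r"c:\windows\system32\drivers\etc\hosts"  # path given in the article

# Constructed sample, not taken from an infected machine; the names and the
# 203.0.113.0/24 documentation address are placeholders.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1      localhost
::1            localhost
0.0.0.0        tracker.example.net    # local sinkhole entry
203.0.113.45   ads.example.com        # name pointed at a remote server
203.0.113.45   www.ads.example.com img.example.org
not-an-ip      broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def suspicious_entries(text, watch_suffixes=()):
    """Return (line_no, address, hostname, reason) for entries worth reviewing."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings += [(line_no, addr, n, "malformed address") for n in names]
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 entries never leave the machine
        for name in names:
            watched = any(name.lower() == s or name.lower().endswith("." + s)
                          for s in watch_suffixes)
            reason = "watched name redirected" if watched else "non-local mapping"
            findings.append((line_no, addr, name, reason))
    return findings

if __name__ == "__main__":
    text = SAMPLE_HOSTS  # fall back to the constructed sample off Windows
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for finding in suspicious_entries(text, watch_suffixes=("ads.example.com",)):
        print("line %d: %s is assigned to %s (%s)" % finding)
```

A clean default Windows hosts file produces no findings; any reported line should be compared against entries an administrator added deliberately.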