BitDefender Finds Google AdWords Hijack Trojan

Seems there is a trojan out there that can replace Google AdWords with other ads, according to BitDefender. The bug is loaded when a person visits an infected website and the malware attaches itself to a user's computer.

Then when they surf a publishing site that displays AdWords the ads are replaced by similiar looking ones from other advertisers.

"The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computers' Hosts file (a local storage for domain name / IP address mappings, which is consulted before domain name servers and is considered authoritative).

The modified file contains a line redirecting the host "page2.googlesyndication.com" which should point to an IP of the form 6x.xxx.xxx.xxx to a different address, of the form 9x.xxx.xxx.xxx, so that the infected machines' browsers read ads from server at the replacement address rather than from Google," BitDefender noted.

About the author

Frank Watson has been involved with the Web since it started. For the past five years, he headed SEM for FXCM -- at one time one of the top 25 spenders with AdWords. He has worked with most of the major analytics companies and pioneered the ability to tie online marketing with offline conversion.

He has now started his own marketing agency, Kangamurra Media. This new venture will keep him busy when he is not editing the Search Engine Watch forums, blogging at a number of authoritative sites, and developing some interesting online community sites.

He was one of the first 100 AdWords Professionals, a Yahoo and Overture Ambassador, and a member or mod of many of the industry forums. He is also on the Click Quality Council and has worked hard to diminish click fraud.