If you've been wondering why the Google ads displaying on your favourite Web sites seem a little odd, even risque, the site's host could have been hacked by a clever piece of malware that redirects Google ads to a different address that runs its own, often nasty, ads.
The is according to BitDefender, whose analysts have detected a new trojan, which hijacks Google text advertisements, replacing them with ads from a different provider.
The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computers' hosts file. This is a local storage for domain name or IP address mappings, which is consulted before domain name servers and is considered authoritative.
The modified file contains a line redirecting the host "page2.googlesyndication.com" which should point to an IP of the form 6x.xxx.xxx.xxx to a different address, of the form 9x.xxx.xxx.xxx, so that the infected machines' browsers read ads from server at the replacement address rather than from Google.
"This damages both users – because the advertisements and/or the linked sites may contain malicious code – a very likely situation, given that they are promoted using malware in the first place – and Webmasters – because it takes away viewers and thus a possible money source from their Web sites," says BitDefender virus analyst Attila-Mihaly Balazs.