BitDefender has detected a new trojan that hijacks Google text advertisements, replacing them with ads from a different provider. The threat, which BitDefender identifies as Trojan.Qhost.WU, modifies the infected computer’s Hosts file (a local store of domain name to IP address mappings, which is consulted before domain name servers and is considered authoritative).
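A defender's check for the Hosts-file tampering described above, as an added example that is not BitDefender's code: it parses hosts-file text and reports watched ad-serving hostnames that have been pinned to an address. The watchlist and the sample file (with a documentation-range IP) are assumptions constructed for illustration; the page does not list the hostnames or addresses the trojan writes.

```python
import ipaddress

# Assumption: ad-serving domains worth watching; the page names no hostnames.
WATCHED_SUFFIXES = ("googlesyndication.com", "doubleclick.net")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid address, so not a usable mapping
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any of its subdomains (not look-alikes)."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(text):
    """Return (line_no, hostname, ip, verdict) for watched hostnames.

    Loopback/unspecified targets are the usual ad-blocking idiom ('blocked');
    any other address means traffic is being sent elsewhere ('redirected').
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name):
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, name, str(ip),
                             "blocked" if local else "redirected"))
    return findings

# Constructed sample; 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost
203.0.113.45  pagead2.googlesyndication.com  # pinned to a foreign server
0.0.0.0       ad.doubleclick.net
192.168.1.10  fileserver.corp.example
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a `redirected` verdict on an ad-serving hostname is the pattern this trojan's behaviour would produce.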
“The advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites,” said Attila-Mihaly Balazs, a BitDefender virus analyst.
BitDefender claims in another article that, for now, 48% of the infected workstations are in the US, 41% in Canada, 5% in France, 2% in Romania, and the remaining 4% are spread across 20 other countries.
There have been previous attempts to tamper with Google AdSense by replacing it with some sort of iframe. In those cases, AdSense was replaced by affiliate ads from other networks.