Malware authors are beginning to nibble at Google's text advertising money pie.
According to a warning from anti-virus vendor BitDefender, a new Trojan is making the rounds, hijacking Google text advertisements and replacing them with ads from a different provider.
The Trojan.Qhost.WU threat works by modifying the hijacked computer's Hosts file to redirect the initial query to the Google AdSense servers to a malicious host.
Instead of getting advertising content from Google's "page2.googlesyndication.com" domain, the Trojan, discovered Dec. 17, instructs the infected machine to fetch ads from a different, third-party ad server, according to BitDefender virus researcher Attila Balazs.
BitDefender did not identify the rogue third-party ad server.
Balazs said the threat is a worry for Webmasters and end users.
"Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the Trojan takes away viewers and thus a possible money source from their websites," he said in a statement.
Over the past year, malicious hackers have turned their attention to ad networks as vehicles for drive-by malware downloads.
In November, security researchers found DoubleClick serving up massive amounts of ads for bogus anti-spyware programs in place of legitimate advertising. Before that, advertisements served by RealNetworks' RealPlayer were also used to exploit a zero-day software vulnerability.
Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.