Trojan horse found by BitDefender

Dec 19, 2007 12:49 GMT  ·  By

Security company BitDefender has found what seems to be the most dangerous attack these days: a Trojan horse which attempts to replace the adverts displayed by Google's AdSense with the commercials provided by another company. The Trojan, identified by BitDefender as Trojan.Qhost.WU, attempts to modify the Windows HOSTS file in order to show ads from another server. The entire redirect process is done in a pretty simple way: the infection replaces the 'pagead2.googlesyndication.com' line with another host belonging to the company serving the ads. Pretty smart, don't you think?

"This is a serious situation that damages users and webmasters alike", said Attila-Mihaly Balazs, a BitDefender virus analyst. "Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites."

Affected users are advised to update their antivirus software and to apply the latest virus definitions rolled out by the security vendor. In addition, if Trojan.Qhost.WU is detected on the computer, users must delete it in order to keep the computer secure.

Correct me if I'm wrong, but I think this is the first time such an attack has been detected, and we must admit it is fairly smart. Sure, as time passes, all the antivirus products will include definitions to detect and remove the infection, so I'm sure we're going to be protected from this threat soon. In case you're not sure whether you're infected or not, here's a simple solution provided by BitDefender that allows you to check if the Trojan is installed on your computer:

"To check if you are affected, you should issue the following command (from the command line or from Start -> Run):

    ping -t pagead2.googlesyndication.com

The response should look similar to this:

    Pinging pagead.l.google.com [6x.xxx.xxx.xxx] with 32 bytes of data:

where the xs represent digits. If you are not infected, the first digit will be a 6 (as in the example). If you are infected, the first digit will be a 9."
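Since the Trojan works by pinning the ad hostname in the HOSTS file, the override can also be spotted directly in that file rather than by pinging. The script below is an added example, not BitDefender's or the article's code: it parses a constructed sample HOSTS file, reports any entry for a googlesyndication.com host, and separately applies the article's first-digit rule to a captured ping reply line. The sample addresses and the `WATCHED_SUFFIXES` list are assumptions for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Hostnames the article says the Trojan overrides. A legitimate HOSTS file
# has no entry for them, because they should resolve through DNS.
WATCHED_SUFFIXES = ("googlesyndication.com",)

# Constructed sample HOSTS file with one hijacked line. 192.0.2.10 is a
# documentation address (RFC 5737), not a real indicator.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.0.2.10\tpagead2.googlesyndication.com   # added by malware (constructed)
"""

HOSTS_LINE = re.compile(r"^\s*(?P<addr>[0-9a-fA-F.:]+)\s+(?P<names>[^#]+)")
PING_REPLY = re.compile(r"Pinging\s+\S+\s+\[(?P<ip>\d+\.\d+\.\d+\.\d+)\]")

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, skipping comments and blank lines."""
    entries = []
    for line in text.splitlines():
        m = HOSTS_LINE.match(line)
        if not m:
            continue
        for name in m.group("names").split():  # a line may list several names
            entries.append((m.group("addr"), name.lower()))
    return entries

def find_hijacked_hosts(text: str, suffixes=WATCHED_SUFFIXES) -> Dict[str, str]:
    """Map each watched hostname pinned in HOSTS to the address it points at."""
    hits = {}
    for addr, name in parse_hosts(text):
        if any(name == s or name.endswith("." + s) for s in suffixes):
            hits[name] = addr
    return hits

def ping_verdict(reply_line: str) -> Optional[str]:
    """Apply the article's heuristic to a ping reply: first digit 6 -> clean,
    9 -> infected, anything else -> unknown; None if the line is not a reply."""
    m = PING_REPLY.search(reply_line)
    if not m:
        return None
    first = m.group("ip")[0]
    return {"6": "clean", "9": "infected"}.get(first, "unknown")

if __name__ == "__main__":
    # On a live Windows box read %SystemRoot%\System32\drivers\etc\hosts instead.
    for host, addr in find_hijacked_hosts(SAMPLE_HOSTS).items():
        print(f"HOSTS pins {host} to {addr}: remove the line and re-scan")
```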