Software // Enterprise Applications
News
12/18/2007
06:54 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

New Trojan Software Swaps Google Ads For Malware

BitDefender says a new Trojan replaces Google AdSense text ads with ads from a different, potentially malicious provider.

New Trojan software has been found picking the pockets of Google and its publishing partners, and potentially exposing Web surfers to more malware.

BitDefender, a software security company based in Bucharest, Romania, on Tuesday said that it had detected a new Trojan (Trojan.Qhost.WU) that replaces Google AdSense text ads with ads from a different, potentially malicious provider.

"This is a serious situation that damages users and Webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst, in a statement. "Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the Trojan takes away viewers and thus a possible money source from their Web sites."

Google said in an e-mailed statement that it is "committed to ensuring the safety and security of our users and our advertisers. We actively work to detect and remove sites that serve malware in both our ad network and in our search results. We have manual and automated processes in place to detect and enforce these policies. We have canceled customer accounts that display ads re-directing users to malicious sites or that advertise a product violating our software principles."

The Trojan works by modifying the Hosts file on victims' computers. The Hosts file contains IP address and domain name data used to find resources on a network. By altering the Hosts file to redirect "page2.googlesyndication.com" to an IP address not affiliated with Google, the Trojan directs infected machines to load ads from an unauthorized server.

Over the past few years, advertising has come to look more and more like a security risk, a development that no doubt has helped to pique Google's interest in security. Some 80% of malicious code online comes from online ads, according to the Q1 2007 Web Trends Security Report published by Finjan, a computer security company.

In the past few days, Danish media company sites have been observed inadvertently serving ads containing malicious content. In November, DoubleClick was serving ads that installed Trojan software. In October, RealPlayer software was exploited through malware embedded in advertisements served by 247realmedia.com.

The issue, as Sun Belt Software CEO Alex Eckelberry described it last month, is that ad networks accept new clients without checking up on them. "This is not a trivial problem," he said in a blog post, "and the most important thing for publishers to do is to be extremely careful when accepting new advertisers (and be wary of tricks these people use, like giving fake references), and then keep a close eye on the advertising as it's running (and hopefully some good tools can be developed for publishers to use to check the content of ads for malicious redirects before posting)."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.