Trojan replaces Google ads with third party ones

A new Trojan malware has been discovered by security firm Bit Defender on the 17th of December. Nicknamed Trojan.Qhost.WU, it has a low spreading and causes little damage to the host computer.

It modifies a file found in the Windows directory of a Windows-based computer to redirect the initial query from Google Genuine adsense servers to a malicious host.

The trojan horse does not affect the user by displaying traditional symptoms of infection - popups or gradual slowing of the system although as Bit Defender says, users might be swamped by Malware related advertisement or scam/phishing schemes.

Trojan.Qhost.WU is also a direct financial threat to Google Ad system which provides Google with the bulk of its revenue and indirectly to webmasters and content publishers becaused they are denied a share of the Google advert revenues.

To check whether the Trojan is present, you should issue the following command (from the command line or from Start -> Run): ping -t pagead2.googlesyndication.com .

The response should be similar to "Pinging pagead.l.google.com [6x.xxx.xxx.xxx] with 32 bytes of data: where the xs represent digits. If you are not infected, the first digit will be a 6 (as in the example). If you are infected, the first digit will be a 9."