Skip to main content

Trojan replaces Google ads with third party ones

A new Trojan malware (opens in new tab) has been discovered by security firm Bit Defender on the 17th of December. Nicknamed Trojan.Qhost.WU, it has a low spreading and causes little damage to the host computer.

It modifies a file found in the Windows directory of a Windows-based computer to redirect the initial query from Google Genuine adsense servers to a malicious host.

The trojan horse does not affect the user by displaying traditional symptoms of infection - popups or gradual slowing of the system although as Bit Defender says, users might be swamped by Malware related advertisement or scam/phishing schemes.

Trojan.Qhost.WU is also a direct financial threat to Google Ad system which provides Google with the bulk of its revenue and indirectly to webmasters and content publishers becaused they are denied a share of the Google advert revenues.

To check whether the Trojan is present, you should issue the following command (from the command line or from Start -> Run): ping -t pagead2.googlesyndication.com .

The response should be similar to "Pinging pagead.l.google.com [6x.xxx.xxx.xxx] with 32 bytes of data: where the xs represent digits. If you are not infected, the first digit will be a 6 (as in the example). If you are infected, the first digit will be a 9."

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.