Trojan infects Google Adsense
December 26, 2007
If you clicked on a Google Adsense advertisement and strangely landed on a site that promotes Viagra, gambling, or pornography, chances are you have been infected by a trojan that targets Google Adsense ads.
Anti-virus software company Trend Micro reported that a Trojan called TROJ_QHOST.GC has managed to hijack Google’s text advertisements which prevents users from connecting to page2.googlesyndication.co which is the server that directs to Adsense advertisements.
When installed, the trojan points a user’s browser to another IP address that “functions as a rouge server to third party advertisements about gambling and pornography.”
To avoid having the trojan infect your computer, refrain from downloading or installing any file sent by an unknown sender.
Trojans, as well as viruses, are also easily transferred via peer-to-peer networks (such as BitTorrent, etc.) so make sure that you scan your PC every time you connect to those systems.
Apparently, this was not the first time a trojan hit Google Adsense. In December 2005, TechShout reported that users infected with the same trojan saw adult- or gambling-related advertisements that looked exactly like Adsense ad units (see screenshot).
The program is engineered to produce fake Google ads that are formatted to look like legitimate ones. The ads are incorporated in Google AdSense [and the] Trojan Horse apparently downloads itself onto an unsuspecting computer through a web page and then replaces the original ads with its own set of malicious ads.
A Christmas attack on Google Adsense? Maybe.
But more than that, this is actually an attack on site owners and publishers whose Adsense income will be negatively affected because they will earn nothing from the fake Google ads.
Definitely not a jolly Christmas for publishers whose Adsense earnings is already falling because of recent changes in Google Adsense’s policies.