Top Tech News HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR THURSDAY MARCH 30

Close Search Box
Top Tech News
NETWORK SECURITY
Google Text Ad Trojan Wreaks Havoc
Posted December 20, 2007
Google Text Ad Trojan Wreaks Havoc
Next Story
EARLIER
Study: iPhone Major 2008 Hack Target
THIS STORY
Google Text Ad Trojan Wreaks Havoc
Next Story
LATER
Worm Nibbles at Google Orkut Members
YOU ARE HERE:   HOME arrow NETWORK SECURITY arrow THIS STORY
NEWS OPS

By Jennifer LeClaire. Updated December 20, 2007 11:52AM

SHARE

ALSO SEE

A new Trojan has been discovered in an unlikely place: Google ads. According to BitDefender, the Trojan is actively hijacking Google text ads and replacing them with ads from a different provider.

BitDefender, which named the threat Trojan.Qhost.WU, said the Trojan modifies the infected computer's hosts file, which controls domain mappings. The Trojan damages both users and webmasters because it takes away viewers and thus a possible money source from Web sites, BitDefender virus analyst Attila-Mihaly Balazs said in a statement.

These days, ads may not be such an unlikely place to find Trojans. In fact, according to the Q1 2007 Web Trends Security Report published by Finjan, a computer security company, some 80 percent of malicious code now comes from online ads.

Attacks on Ad Networks Common

The proof is in the incidents. Beyond the Google-targeted Trojan, Danish media company sites have reportedly been inadvertently serving ads with malicious content this week. And last month, DoubleClick was serving ads that installed Trojan software on victims' computers. Earlier, in October, malicious hackers targeted RealPlayer software, exploiting it through malware embedded in advertisements.

"Certainly using advertisements -- and banner ads in particular -- to distribute malicious code is not new. We've seen it become more and more common over the past year or so," said Oliver Friedrichs, director of Symantec's Security Response. Friedrichs recalled another recent attack in which ad syndicator 24/7 Real Media was compromised. Its ads were poisoned with a Trojan downloader.

"Simply by compromising one system on the ad syndicator's network, an attacker can distribute his malicious code to many thousands of Web sites and potentially the many millions of users who are visiting those Web sites," Friedrichs said.

Web Site Reputations Don't Protect

Symantec said it expects these sorts of ad-based attacks to continue in 2008. The simplicity and ease by which one person can deploy malicious code to many millions of users provides plenty of incentive for attackers to continue to pursue this strategy. Some malicious attackers purchase banner ad space and modify the ad to link to malicious code, Friedrichs said, while other times they go after ad syndication systems.

Web site reputation and using blacklists and other technologies to block known malicious sites is ineffective against ad-oriented attacks because consumers are visiting legitimate Web sites, Friedrichs said, including social media sites, e-commerce sites, and auction sites.

"In the past you would have been safe by avoiding the seedier sides of the Internet," Friedrichs said. "That's not enough anymore. You need to have not only antivirus software to protect yourself today, but also browser protection that prevents these types of Trojans from being installed on your computer."

Google was not immediately available for comment.

Tell Us What You Think
Comment:

Name:

MORE IN NETWORK SECURITY

Next Article >

INSIDE TOP TECH NEWS NETWORK SITES SERVICES BENEFITS