FRANKFURT (Reuters) – Advertisements placed by Google in Web pages are being hijacked by so-called Trojan software that replaces the intended text with ads from a different provider, Romanian antivirus company BitDefender says.
The Trojan redirects queries meant to be sent to Google servers to a rogue server, which displays ads from a third party instead of ads from Google, BitDefender said in a statement.
Google said on Wednesday: “We have canceled customer accounts that display ads redirecting users to malicious sites or that advertise a product violating our software principles.”
“We actively work to detect and remove sites that serve malware in both our ad network and in our search results. We have manual and automated processes in place to detect and enforce these policies.”
The Trojan, named after the mythic Trojan Horse because of its ability to enter computer systems undetected, attacks Google’s AdSense service, which targets advertisements to match Web page content.
“This is a serious situation that damages users and Webmasters alike,” said BitDefender virus analyst Attila Balazs.
“Users are affected because the advertisements and/or the linked sites may contain malicious code,” he said. “Webmasters are affected because the Trojan takes away viewers and thus a possible money source from their Websites.”
BitDefender on its Web site describes the Trojan, which it identifies as Trojan.Qhost.WU, as spreading at a “low” level and causing “medium” damage.