Submission + - BitDefender Warns Of GoogleTextAd Hijacking Trojan (techluver.com)
Tech.Luver writes: "BitDefender announced that BitDefender antivirus analysts have detected a new trojan, which hijacks Google text advertisements, replacing them with ads from a different provider.
The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computers' Hosts file (a local storage for domain name / IP address mappings, which is consulted before domain name servers and is considered authoritative).
The modified file contains a line redirecting the host "page2.googlesyndication.com" which should point to an IP of the form 6x.xxx.xxx.xxx to a different address, of the form 9x.xxx.xxx.xxx, so that the infected machines' browsers read ads from server at the replacement address rather than from Google.
( http://techluver.com/2007/12/19/bitdefender-detects-new-trojan-that-hijacks-google-text-advertisements/ )"