New Trojan Lures Away Google's Audience
A recently-discovered trojan is aimed at Google's AdSense program. The piece of malware hijacks Google text advertisements, replacing them with ads from a different provider, security company BitDefender announced.
December 19, 2007
Further on, the malware creates an entry redirecting pagead2.googlesyndication.com to a rogue server, so that the infected PC will show withing the browser ads from third parties instead of showing the ads served by Google.
"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites.”
PC users can check whether they're infected or not by issuing the following command (from the command line or from Start -> Run): “ping -t pagead2.googlesyndication.com”. The command should return the following response: “Pinging pagead.l.google.com [6x.xxx.xxx.xxx] with 32 bytes of data”.
If the first digit is a 6, then rest assured, you are not infected. However, should the first shown digit be a 9, you can start looking for a good antivirus program.
Infected users that want to restore their hosts file are advised remove the line from it containing "pagead2.googlesyndication.com".