• by Joe Mandese  @mp_joemandese, December 21, 2007

In a development that could potentially destabilize Google's AdSense system, antivirus experts have detected a new Trojan that hijacks Google text ads and replaces them with ads from a different provider. The threat, which was discovered by security software developer BitDefender, was identified as Trojan.Qhost.WU, causes an infected computer's browser to read ads from a server at a "replacement address" instead of from Google.

"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst. "Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites."

A trojan, an abbreviation for the term Trojan horse, is computer industry terminology for a piece of software that appears to perform a certain action but covertly performs another.

"Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be acutely malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs," reads the current definition of Wikipedia. "Simply put, a Trojan horse is not a computer virus. Unlike such badware, it does not propagate by self-replication but relies heavily on the exploitation of an end-user."

It was not clear at presstime how much impact the trojan might be having on Google's ad system. Google had not issued any statements, and there were no posts concerning the trojan on the Google Blog.

.