Ad hijacking Trojan targets Google Security researchers have identified a Trojan that hijacks Google text advertisements, replacing them with "ads" from a different provider that are likely to be laced with spyware. The Qhost-WU modifies an infected computer's hosts file, thereby poisoning systems with bogus DNS lookup records. The hosts file matches domain …
Surely the simple solution here is for M$ to implement one of the security fixes that would require local host file lookup to be actively enabled?
The vast majority of users don't use it and probably don't even know its there. Now that it can be exploited in such a way it is a clear security vulnerability, ESPECIALLY given most windows users have read/write permissions to this file.
If you have malicious code running on your system, necessary in order to change your hosts file, it's a bit beside the point that your advertisments are being hijacked.
Instead focus on the vulnerability that ALLOWED the hosts file to be changed, and be thankful the code didn't delete your My Documents folder or any number of other more sinister things than merely redirecting advertising.
This is about the least harmful trojan seen recently, mostly Google is raising a stink about "potential" malware sites to try to alarm people but mainly they're misleading a bit in that their primary concern is just keeping advertising dollars flowing as much as possible.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
