About That Google Ad Trojan ...

« Trojan Targets Google Ads via Hosts File | Main | FTC Approves Google/DoubleClick Merger »

December 20, 2007

I first caught yesterday's story about the Google ad trojan from the Reuters writeup, but was left so thoroughly confused by the eight skimpy grafs of coverage that I went straight to the original press release from BitDefender.

The trojan in question uses the not-unheard-of technique of modifying the victim's hosts file to point requests for "page2.googlesyndication.com" to a different address belonging to a malicious server. In fact, if we think back to last month's omg Apple malwarez!1!! drama, it's the same sort of attack.

The point of the trojan, though, isn't that it's doing anything to Google servers at all. It's redirecting requests for name lookups on Google servers to malicious servers. And that's what made Reuters' coverage so confusing:

"Google said on Wednesday: 'We have cancelled customer accounts that display ads redirecting users to malicious sites or that advertise a product violating our software principles.'

'We actively work to detect and remove sites that serve malware in both our ad network and in our search results. We have manual and automated processes in place to detect and enforce these policies.'"

It sounds like the Reuters reporter called up Google, expressed the same muddled conceptual issues that spawned the nugget "the trojan, named after the mythic Trojan Horse because of its ability to enter computer systems undetected ..." and got some boilerplate about malicious AdSense buys, which are a different matter altogether.

And now the headline is mutating into confusing things like "Trojan virus takes down Google's AdSense program," and "Google Ads hacked by Trojan software." There's even "Trojan Found in Google Text Ads."

I guess this is part of the price Google pays for its popularity. The idea that Google itself is somehow a menace is too good a hook to resist.