I've been trying to find out the IP address or addresses it adds to the HOSTS file. Does anyone have more useful information about this as it would be good to block as a sysadmin. All we're told is that it starts with a 9.

Would be interesting to find out what ads are running through that false IP, whether Google ads but for another account, or something else.

Perhaps this thread should be in Google Adsense not Google Adwords as it is the former which will be negatively affected to the great extent

This isn't new- I actually had something like this on one of my computers months ago. I can't remember if I posted somethign about it, but others did last year: [webmasterworld.com...]

The one I saw last year '[webmasterworld.com ]' did things a bit different than this one and I'm guessing we'll see more and more of these type things happening to Google.

I have to wonder how much Google loses in revenue given the fact that this stuff has been around for a while now. I also have to wonder what would happen if a mass infection really happened? All of Google revenue grinds to a halt? Would you be able to sell off stock fast enough before it tanked?

JAG

Google needs to issue a public statement on this. And sue the living daylights out of the perpetrators!

Anyone get a screen capture of the replacement ads? That would really put a bee in Google's bonnet!

p/g

And sue the living daylights out of the perpetrators!

Sue for what exactly? One persons virus is another persons tool. In my case I installed the toolbar that bypasses the ads and as far as I know I'm allowed to control what I see on my screen after it gets to me.

I do not agree with scumware, viruses and such that is installed without permission though. The folks who do that are indeed lower than whale crap.

JAG

I also seen (had) something similar a few months ago, it was easy to remove, it appeared in my IE under "ad-dons" and I just disabled it then deleted the file just to make sure.

It didn't cause any other problems that I noticed, it just replaced the Google ads with some others.

Avast 4 home edition didn't detect it at that time.

I started to check my browser when I saw on my own sites ads that I knew Google would not approve (vibrating errors kind of ads: "you won", "visitor number zzz", etc.).

Somebody probably became really rich with this smarty virus :)

What google should do is clearly state in their TOS that no one can replace another id with their own for any reason. Then people that do this wouldn't get any money. If they don't get any money then they will in the long run stop doing it. Plus it would open the people doing it to lawsuits. Sounds like Scumware to me.

Actually, the one I had and as I see its the same in the article... replaces the ads with different ads from another ads provider. It doesn't replace teh google publisher id. Right?!
They just had the exact size but there ware not Google ads.

I was infected by this virus back in 2006, over a year ago.

Read my whole story here:
[forum.kaspersky.com...]

I tried everything, when someone in the kaspersky forum finally asked me to publish my host file and identified that it was the cause.

I even contacted google adsense, they confirmed I had a problem, said I was infected by "something" but didn't care much to investigate about it, although this type of bug could have cost them millions of dollars with lots of people seing other ads.

Brakkar

Brakkar, do you know if Kaspersky finds it as a virus *now?

I even contacted google adsense, they confirmed I had a problem, said I was infected by "something" but didn't care much to investigate about it, although this type of bug could have cost them millions of dollars with lots of people seing other ads.

They'd lose much more if the public knew how much their revenue stream is at risk from something as simple as a kidde hack. Perhaps it was safer to ignore and not admit the severity then but maybe it'll be addressed soon.

If a major network, that understood this, picked this thread up today and put it on the evening news the stock might be worth half what it is right now.

JAG

vince^3 wrote:

I've been trying to find out the IP address or addresses it adds to the HOSTS file. Does anyone have more useful information about this as it would be good to block as a sysadmin. All we're told is that it starts with a 9.

I'm assuming the IP shouldn't be posted publicly in the forum, so I sent you a sticky with some info.

Adrian: Kaspersky 6 is supposed to block unauthorized modifications of hosts files.

You can find the IP in my message over at the kaspersky forum.

How do I advertise on this new network?