A new virus that infiltrates Google’s online advertising business and hijacks the ads with a different provide has been detected, Romanian antivirus company BitDefender says.

The trojan – dubbed Trojan.Qhost.WU – modifies the infected computers’ hosts file and redirect the Google’s AdSense link “page2.googlesyndication.com” to a different address.

The Trojan.Qhost.WU threat works by modifying the hijacked computer’s Hosts file to redirect the initial query to the Google AdSense servers to a malicious host.

Instead of getting advertising content from Google’s “page2.googlesyndication.com” domain, the Trojan, discovered Dec. 17, instructs the infected machine to fetch ads from a different, third-party ad server, according to BitDefender virus researcher Attila Balazs.

“We actively work to detect and remove sites that serve malware in both our ad network and in our search results. We have manual and automated processes in place to detect and enforce these policies.”

The trojan, named after the mythic Trojan Horse because of its ability to enter computer systems undetected, attacks Google’s AdSense service, which targets advertisements to match Web page content.