A new Trojan has managed to hijack Google text advertisements and replace them with possibly malicious ones.

Detected by Trend Micro as TROJ_QHOST.GC, this Trojan modifies a computer’s HOSTS file to prevent users from connecting to page2.googlesyndication.co. This particular site directs to a server for advertisements enrolled to AdSense, the advertising service offered by Google.

What this Trojan does instead, is that it makes the browser point to another IP address that functions as a rogue server to third party advertisements about gambling and pornography.

Google has already taken action by launching an investigation and has reportedly cancelled customer accounts with advertisements that redirect users to possibly malicious Web sites and those that advertise products that violate their software principle.

For fans of Big Brother Brasil, the following spammed email message is tough to disregard:

Jose Lopez Tello, Trend Micro Virus Coordinator in Latin America, says the page translates as:

Exclusive Material

The German guy tells, for the first time, how he got HIV.

Since today, everything will be different for the German guy, not for his fans, not for being the Brazil Big Brother winner, but for being an HIV carrier.

In a complete report, he tells how he got infected, how was it and how he was evading the problem.

The “German guy” mentioned above is Diego Bissolati Gasques, winner of the seventh season of Brasil Big Brother. “German” is a translation of Gasques’ nickname Alemão.

The email contains a clickable link to http://ofuxicoterra.{BLOCKED}t13.com/021452. However, once a user clicks the link—most probably to get more information about Gasques and his supposed revelation—users are redirected to another malicious site: http://0fuxico.{BLOCKED}a.es/Materia_Completa.cmd. The file name, which roughly means “Complete Material,” is detected by Trend Micro as TROJ_DLOADER.RSP.

While curiosity is not really always a bad thing, recipients of this email—fans of BBB most especially—are better off not clicking the link so as not to compromise their systems.