Security researchers have identified a Trojan that hijacks Google text advertisements, replacing them with “ads” from a different provider that are likely to be laced with spyware. The Qhost-WU modifies an infected computer’s hosts file, thereby poisoning systems with bogus DNS lookup records. The hosts file matches domain names of websites with corresponding IP addresses. By corrupting the file hackers can redirect surfers to domains controlled by hackers even when users visit a trusted location.
http://www.theregister.co.uk/2007/12/21/ad_hijacking_trojan/