Google has confirmed it is investigating a Trojan horse that replaces its AdSense advertisements with fake ones hawking pornography and gambling sites, among others.

The malware was first reported last week and discovered in the wild by Web publisher Raoul Bangera. The Trojan apparently installs itself on Windows systems via a website, and then creates fake ads which are positioned to cover up legitimate AdSense ads.

The ads look authentic, but Techshout's examples included ads for Viagra, porn and sex sites, topics more associated with spam than AdSense. AdSense is a programme targeted at smaller Web publishers wishing to generate extra income by displaying text ads on their sites. The system has become hugely popular, and AdSense ads are now commonplace online.

"Most of the ads were about gambling or adult content, which are banned categories in Google AdSense, clearly indicating a suspicious origin," blog Techshout quoted Raoul Bangera as saying. Clicking the fake ads launches a series of advertising sites.

Google said the ads appeared to be generated by malicious software installed on users' PCs, and said it was investigating the issue.

Bangera reportedly supplied Google with system logs, screen shots and system files from infected systems. The company was not able to comment on what other dangers might be posed by the Trojan.

AdSense has been targeted by attackers several times in the past. The Trojan is more indirect, however, working primarily as a form of spyware.