Users who visit adult Web pages may be targeted by the Delf-IT Trojan, according to Lynnfield, Mass.-based antivirus firm Sophos.
The company said the Trojan sits in the background on infected computers, waiting for the user to visit Web sites containing one of several adult phrases in their title. If it determines the user is visiting a hardcore site, it then downloads malicious code that redirects the browser to another pornographic site.
"It's possible that the Delf Trojan horse is deliberately designed to drive traffic from other adult Web pages to its own grubby Web site," Graham Cluley, senior technology consultant for Sophos, said in a statement. "With so much money being made by Internet pornographers it may be that some of them are using Trojan horses like this to generate more traffic and revenue. All computer users should keep their antivirus software up to date, as well as thinking carefully about whether they should really be visiting Web sites of a dubious nature."
The Trojan watches for 50 different words and phrases that will trigger it into action, including "amateur," "barely legal," "beauty," "bikini," "closeup," "domination," "extreme," "ladyboy," "lesbian," "Lolita," "nympho," "outdoor," "pornstars" and "spanked."
"Because some of the trigger phrases chosen by the Trojan -- particularly 'outdoor' and 'beauty' -- can be used perfectly innocently, it's possible that surfers who wished to see nothing sordid will find themselves redirected to a hardcore pornography Web site," Cluley said. "People who have an interest in rambling and the great outdoors may find themselves far from the beaten track."