Lurking in the background of an unsuspecting user's computer, Troj/Delf-IT reportedly searches visited webpages for "relevant" keywords contained within the page's title, and then downloads code that redirects the surfer – ostensibly without his or her knowledge – to an alternative adult site targeting the same keywords.
According to Sophos senior technology consultant Graham Cluley, "It's possible that the Delf Trojan horse is deliberately designed to drive traffic from other adult webpages to its own grubby website."
"With so much money being made by Internet pornographers it may be that some of them are using Trojan horses like this to generate more traffic and revenue," Cluley said. "All computer users should keep their anti-virus software up to date, as well as think carefully about whether they should really be visiting websites of a dubious nature."
Troj/Delf-IT includes over 50 so-called "trigger phrases" which will activate it, including "amateur," "barely legal," "beauty," "bikini," "closeup," "domination," "extreme," "ladyboy," "lesbian," "lolita," "nympho," "outdoor," "pornstars," and "spanked," according to the Sophos website.
"Because some of the trigger phrases chosen by the Trojan - particularly 'outdoor' and 'beauty' - can be used perfectly innocently, it's possible that surfers who wished to see nothing sordid will find themselves redirected to a hardcore pornography website," said Cluley.
"People who have an interest in rambling and the great outdoors may find themselves far from the beaten track," Cluley said.
