A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the SPF (Sender Policy Framework ) in order to receive instructions from attackers without being detected, according to security researchers from Symantec.