Unwary surfers infected by a new Trojan horse may be in for a shock when their browser is unexpectedly redirected to a hard-core porn site, a security firm warned Wednesday.

The Delf-IT Trojan horse lurks in the background on infected PCs, said U.K.-based Sophos, and waits for the user to visit Web sites that contain one of 50-some trigger phrases, then shunts the browser to a porno page.

Sophos thinks that the Trojan was designed to push porn traffic from competing sites to the new destination. "It's possible that Delf is deliberately designed to drive traffic from other adult Web pages to its own grubby website," said Graham Cluley, a senior technology consultant at Sophos, in a statement. "With so much money being made by Internet pornographers, it may be that some of them are using Trojan horses like this to generate more traffic and revenue."

Among the trigger phrases that Sophos has IDed in Delf are "nympho" and "spanked," but also the innocuous "beauty" and "outdoor."

"Because some of the trigger phrases chosen by the Trojan can be used perfectly innocently, it's possible that surfers who wished to see nothing sordid will find themselves redirected to a hardcore pornography website," said Cluley. "People who have an interest in the great outdoors may find themselves far from the beaten track."

Only a small number of copies of the Trojan have been spotted so far, added Cluley, but he recommended that users update their anti-virus defenses to keep their browsers pointed in the right direction.