Roger Thompson of Exploit Security Labs posted today about finding poisoned Google sponsored links that surreptitiously direct searchers through malicious sites that attempt to surreptitiously install malware on your PC.
According to the article, on the morning of April 10th, if you searched for Better Business Bureau on Google and clicked on the Sponsored Listing, you'd find yourself on the BBB website as expected. However, before you actually reached the final destination, you'd pass through a site that attempts to exploit an Internet Explorer browser vulnerability and installs malware intended to steal very sensitive banking data.
Barry wrote about this a on Search Engine Land. He references yet another article from the Washington Post that reports the same story about how sponsored listings are being tainted to install malware that reportedly steals passwords and other sensitive information.
On DigitalPoint, a member asks if this will have an impact on the future of paid listings. I hope it does. In the PC World article, the writer says:
I'd love to hear from Google whether they screen purchasers of sponsored links or the redirection URLs they use.
I think that this is very important. Otherwise, the search engine will be under fire as others take advantage of the exploit.
On a similar note, AdWords accounts are being hacked. When Barry reported the story, there was no apparent association to GregOne's account being compromised to the malware within the sponsored listings. It may, however, be the case now. The WebmasterWorld is updated, and GregOne (whose account was hacked) writes to say that by clicking on one of the ads, there was a "redirect pointing to trackback.org that somehow installed an activex component without approval."
This is pretty worrisome. GregOne says, "I got hit on the 23rd of April, you'd think Google would have put a freeze on any links pointing to fasttrack.org." That would be a good idea.