
Under the guise of ads for trusted organisations, unsuspecting users are instead redirected to malicious sites that attempt to install exploits and other malware, according to Exploit Prevention Labs (EPL).
Roger Thompson, chief technology officer at EPL, said in a blog posting that he first learned of the attack vector on 10 April.
A user of the EPL's LinkScanner Pro safe surfing software ran a Google search on the phrase 'how to start a business'.
The top-ranked sponsored search listing appeared to be from AllBusiness.com, a legitimate company, yet the hyperlink actually led to a site that attempted to install a password-stealing key-logger on the user's PC.
Thompson's team discovered that an organisation had registered the domain name smarttracker.org on 2 or 3 April. By 10 April, the organisation had opened a Google AdWords account and purchased campaigns for various search terms.
Although each of the ads displayed a trusted hyperlink, clicking on the link redirected the user to smarttracker.org before sending them on to their intended destination.
"Although Google has terminated this particular offending account, the discovery highlights problems facing all sponsored search vendors: how to determine the legitimacy of any individual advertiser, and whether a redirected link is being used legitimately," EPL stated.