Beware of Google Sponsored Links


Brian Krebs at the Washington Post’s Security Fix blog is reporting something that I’ve been suspecting for some time. Virus writers and other ne’er-do-wells are gaming the Google AdWords system to infect computer users searching for items on Google.

I am always a little leery of clicking on the paid links that pop up whenever you do a query on Google. They are often segregated on the right-hand side of the screen and I know that they are advertisements and that anyone can put a link there if they bid high enough. Now, Brian is reporting that searches for the Better Business Bureau website served up links that did go to the BBBOnline site, but passed through a server that installed all sorts of nasty bits on your computer. Google doesn’t show the target of the link in the window for sponsored links like it does for regular links.

Luckily, if you kept your computer up to date you were okay. The exploit used in the attack was fixed last June by Microsoft. But it could portend zero-day attacks that are spread via sponsored links.

This isn’t the first time advertisements have been used to spray malware. Banner ads have been rigged with spyware in the past and managed to get on high-volume websites by tricking ad placement companies into running the ads (Brian mentions Webshots and MySpace specifically as previous targets).

I’m not really shocked that Google AdWords is now being used to do the same thing. One of the benefits of AdWords is that it is generally cheaper to run an AdWords campaign than one through DoubleClick or other banner ad agencies.

I run AdSense on my site to generate income to offset the cost of running the website, but I’m definitely looking at Text Link Ads more and more because I can control the links that are served up. I want to know that my website isn’t spewing malware to the masses.

Be careful of the sponsored links (really of any link) because you just never know who put it there and why.


2 Responses to “Beware of Google Sponsored Links”

  1. 7% of Sponsored Links Dangerous | kirkwalsh.com Says:

    [...] story by Brian Krebs, of the Washington Post’s Security Fix blog, highlighting the fact that virus writers and other ne’er-do-wells are gaming the sponsored links on search engines. Brian has an updated post reflecting a study done by McAfee quantifying the number of malicious [...]

  2. Haute Secure to Surf Securely | kirkwalsh.com Says:

    [...] the yellow warnings (an alert but not malware) are way too numerous. As I’ve written before, hackers have used ad networks to install trojans on unsuspecting users. Haute Secure flashes a warning every time a page is loaded that uses the [...]
