Google Inc. has cancelled paid advertisements that cybercriminals were using to redirect users to sites containing malicious software that would steal banking data and other personal information.
The ads, linked to 20 search terms, appeared on Google as legitimate organizations such as the Better Business Bureau and cars.com.
But the links instead took unsuspecting users to a site that attempted to install software that exploited a security hole in older versions of the Microsoft Windows XP operating system.
Exploit Prevention Labs chief technology officer Robert Thompson first posted information about the problem Tuesday on the security company's blog.
Google said in a statement it cancelled the accounts on Tuesday upon learning of their existence.
"We are also evaluating our systems to ensure that the appropriate measures are in place to block future attempts," the company said Thursday.
"Google is committed to ensuring the safety and security of our users and our advertisers. We actively work to detect and remove sites that serve malware in both our ad network and in our search results."
The discovery of the bogus ads could shake people's confidence in ads powered by search engines, said Nick Ianelli, an internet security analyst with the Computer Emergency Response Team Co-ordination Center at Carnegie Mellon University.
"This is serious — there's confidence in the links that are at the top, whether they're sponsored or not," said Ianelli. "It's going to affect the whole industry, not just one provider."
Google's AdWords service brings together advertisers and websites willing to display their ads. Advertisers pay Google a fee based on the number of click-throughs, and site operators receive a commission for each time that a visitor clicks on an ad. The selling of advertising links is a large part of the Mountain View-based company's $3.08 billion in profit in 2006.
The attack in this case targeted the top "sponsored" links tied to Google search results. Sponsored links allow customers to buy ads connected to a particular search term. When users type in the search term, Google will display the advertisers who bid the highest amounts at the top of its sponsored links.
Exploit Prevention Labs first discovered the attack on April 10 when a search under the phrase "how to start a business" turned up a legitimate business as the top entry. However, when the user clicked on the link, it instead sent them to a site that attempted to install a password-stealing keystroke logger on the user's PC.
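The pattern described above, a sponsored link that shows one organization's domain but carries the click through, or to, an unrelated host, can be checked mechanically by comparing the displayed domain with every hop the click actually follows. The following Python is an added example, not code from the article, from Exploit Prevention Labs or from Google; the redirect chains, the `stats-srv.example` and `exploit-host.example` hosts and the small click-tracker allowlist in it are constructed for illustration.

```python
"""Audit a sponsored link: does the chain of hops a click follows stay on the
advertiser's displayed domain?

Added example; the hop lists and the tracker allowlist are constructed for
illustration, not captured from the incident described in the article."""
from urllib.parse import urlparse

# Hosts that legitimately sit between an ad click and the landing page.
# Constructed allowlist for this example; a real one would be curated.
CLICK_TRACKERS = {"googleadservices.com", "doubleclick.net"}


def registered_domain(host: str) -> str:
    """Collapse a hostname to its registrable domain.

    Simplification: keeps the last two labels, so 'www.cars.com' -> 'cars.com'.
    A production check should consult the Public Suffix List so that
    'example.co.uk'-style names are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url: str) -> str:
    """Hostname of a URL, tolerating a bare display URL such as 'cars.com'."""
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or ""


def audit_ad(display_url: str, hops: list[str]) -> dict:
    """Compare the domain shown in the ad with every host the click visits.

    hops: ordered URLs a click passes through, ending at the page the browser
    finally renders. A known click tracker may redirect onward; any other host
    that is not the displayed domain is flagged, whether it is an intermediate
    hop (the exploit-site-then-forward pattern) or the final landing page."""
    shown = registered_domain(host_of(display_url))
    reasons = []
    for i, url in enumerate(hops):
        dom = registered_domain(host_of(url))
        last = i == len(hops) - 1
        if dom == shown:
            continue
        if dom in CLICK_TRACKERS and not last:
            continue  # a tracker redirecting onward is expected
        if last:
            reasons.append(f"landing page {dom} is not the displayed {shown}")
        else:
            reasons.append(f"hop {i} passes through unrelated host {dom}")
    return {"display": shown, "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # Constructed chains: one clean, one with a hidden off-domain hop that
    # forwards on to the real site, one that never reaches the displayed site.
    cases = [
        ("cars.com", ["http://www.googleadservices.com/pagead/aclk",
                      "http://www.cars.com/"]),
        ("cars.com", ["http://www.googleadservices.com/pagead/aclk",
                      "http://stats-srv.example/r.php",
                      "http://www.cars.com/"]),
        ("www.bbb.org", ["http://exploit-host.example/"]),
    ]
    for display, hops in cases:
        print(display, audit_ad(display, hops))
```

The middle case is the one that matters for this incident: the landing page is the legitimate site, so a check that only looks at where the click ends up would pass it, while the intermediate hop through an unrelated host is what gets flagged.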
Thompson said Thursday that no further attacks of this type had been discovered, "but the exploit site is still live and serving, so if someone finds a way to hook to it, it'll fire."
Security experts agreed the incident should serve as a reminder to computer users to keep their software patched and up to date.
Google echoed the sentiment on their Inside AdWords blog, saying, "We strongly encourage all of our users and advertisers to keep up-to-date antivirus protection on their computers and regularly run system scans."
"As a general rule of thumb, individuals should also take care to create complex passwords, change them frequently, and only use them on known or trusted (non-public) computers," the company said.