Herbert sent me an email this week which referred to an article by Exploit Prevention Labs. The article describes how Google Adwords ads were being used to infect users' computers. This was not widespread and did not affect all Google ads.
When searching Google you may notice "Sponsored Links" at the top and right side of some search results. These are actually ads that an advertiser has paid to appear there. I've used Google's Adwords myself to try to generate additional visitors to my site.
The article explains that someone associated with smarttrack.org had purchased ads for several popular search terms. Anyone who clicked on those ads was taken to the smarttrack.org website, where an exploit tried to install a backdoor and keylogger. The visitor was then seamlessly redirected to the site they originally intended to visit. The article goes on to explain that Google does not show the URL of a highlighted link in the ads.
Regular Google search result. Notice the URL at the bottom when hovering?

Google ad result. Notice the lack of URL display when hovering?

The article seems to blame Google for this activity. In actuality Google's name may have been invoked as an attention grabber, but this really isn't Google's fault. This method could be used on any website or link, whether typed into the address bar of your browser manually, or following a link from a website.
A redirect is "web speak" for the ability of a webmaster to direct you to a page that is different from what you typed or clicked. It's used commonly and without malice on many websites for valid reasons. A quick example: I have a page named clikme.html. This page is very popular. Several months later I realize that the name is misspelled. I decide to correct the error, but realize that many people may have bookmarked the page. If I correct the name to clickme.html, those people would get an error. If the page has been indexed by a search engine, anyone trying to find it will also get an error. By using a redirect I can instruct your browser to go to the corrected name even if you type the old, incorrect one. There are other uses, but this is an example.
In theory if I owned example.com I could redirect any visitor to myexample.com and try to infect their computer. Once I was done I could redirect them back to the original site and they wouldn't even know. It's nothing new, and it's not Google's fault in any way.
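To make the difference between the two kinds of redirect concrete, here is an added example (not code from the article) that walks a recorded redirect chain and lists any host the visitor passed through without expecting to. The hostnames and the response tables are constructed placeholders; a real check would fill the table from the status codes and Location headers a proxy or browser log recorded.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data: URL -> (HTTP status, Location header).
# Same-site rename, like clikme.html -> clickme.html above.
BENIGN = {
    "http://example.com/clikme.html": (301, "/clickme.html"),
    "http://example.com/clickme.html": (200, None),
}
# Ad click that detours through a third host before the intended site.
DETOUR = {
    "http://ads.example.net/click?id=1": (302, "http://tracker.example.org/in"),
    "http://tracker.example.org/in": (302, "http://shop.example.com/"),
    "http://shop.example.com/": (200, None),
}

REDIRECT_CODES = (301, 302, 303, 307, 308)

def follow(start, responses, max_hops=10):
    """Return every URL visited, resolving relative Location headers."""
    chain = [start]
    while len(chain) <= max_hops:
        status, location = responses[chain[-1]]
        if status not in REDIRECT_CODES or not location:
            return chain  # final page reached
        nxt = urljoin(chain[-1], location)
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("too many redirects")

def unexpected_hosts(chain, trusted):
    """Hosts in the chain that the visitor did not expect to touch."""
    found = []
    for url in chain:
        host = urlsplit(url).hostname
        if host not in trusted and host not in found:
            found.append(host)
    return found

if __name__ == "__main__":
    chain = follow("http://ads.example.net/click?id=1", DETOUR)
    print(" -> ".join(chain))
    # The visitor expects the ad network and the shop, nothing else.
    print(unexpected_hosts(chain, {"ads.example.net", "shop.example.com"}))
```

The visitor ends up on the page they wanted in both cases; only the intermediate hop in the second chain shows that something else was contacted along the way.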
So what can we do to prevent being infected? First and foremost keep your computer updated! An updated computer is less likely to be infected. Use an effective Anti-virus program such as NOD32 or Kaspersky. Use an effective Anti-spyware program such as SpySweeper, CounterSpy, or Spyware Doctor. Use a link/page ranking program such as Site Advisor, TrendProtect, or WOT for Firefox.


