Google has rooted out a scam that delivered malware via the search engine's AdWords advertising system, and even added extra sections to specific banking websites to gather additional information.
The scam was a particularly dangerous example of a trend that has become a significant problem for search engines such as Yahoo and Google: hackers using search engine results and advertising links to attack users' systems.
This particular attack also took a page out of the phishers' book by impersonating well-known brands such as the Better Business Bureau, according to Exploit Prevention Labs, which said it had been monitoring the attack since 10 April until Google shut it down two weeks later.
"This is an issue we’ve taken very seriously and will continue to monitor," said a Google spokeswoman in a statement on the company's website. "We are also evaluating our systems to ensure that the appropriate measures are in place to block future attempts."
The links in question turned up in response to searches such as Better Business Bureau - for which the malicious link was the top sponsored link, according to Exploit Prevention Labs. Other searches affected included "Florida Business Opportunity Law" or "Modern cars airbags required."
Google has terminated the account behind the attack. Exploit Prevention Labs said it had detected about 20 different search strings that resulted in links to smarttrack.org.
The Better Business Bureau link did, in fact, lead to the BBB's website, but only after passing through a seemingly harmless site called smarttrack.org. This site used a modified MDAC exploit to attempt to install a backdoor and a post-logger on to the user's system, Exploit Prevention Labs said.
The post-logger targeted about 100 banks by injecting extra html into those banks' response pages to get users to enter extra information. It also logged all user IDs and passwords.
"Because the post logger is a browser helper object, it is part of the end-point of any SSL transaction, and can see everything in plain text, instead of encrypted," said Exploit Prevention Labs CTO Roger Thompson on the company's blog.
He said the exploit highlights a significant issue in that, unlike with organic search results, sponsored results don't display a preview of where the link is leading.
"This means that a user has no clue where she is about to navigate to. Savvy search engine users will know that often these sponsored links will take you through a 'Click-manager' or other advertising service and so seeing your browser pass through smarttrack.org will appear benign enough," he wrote.
Aside from malware infesting their advertising systems and search results, search engines such as Yahoo and Google also have to deal with click fraud, a growing problem where companies try to drive up their competitors' advertising costs by generating fake ad click-throughs.