The practice of establishing AdWords accounts for the purpose of passing clicks through a third-party malware distributor has drawn a blame-the-user response from Google.
Google Responds To AdWords Scam Kerfuffle
Google's bread-and-butter paid search ads had a whiff of acrid spoilage to them after a nasty criminal attack using
It doesn't look like the processes worked. Exploit Prevention Labs began noticing the criminal AdWords placements on April 10, a full two weeks before Google deactivated the offending accounts. Those ads likely ran for a period of time before Exploit Prevention Labs picked up on them.
Google also gave the usual security advice to people about securing their systems with up to date virus protection, and changing complex passwords regularly. Good advice, but it's also a deflection from the broader trust issue that people will have with paid search ads now.
Searchers were making very innocuous queries on Google that turned up these malevolent AdWords ads. These were searches that turned up phony ads for the Better Business Bureau and Cars.com, neither of which tend to be associated with the less than prurient sites (as in adult) usually associated with drive-by infections.
The situation is also going to make people who have been hit with attacks like these, without having visited any unusual sites, to wonder if this is how their systems got nailed with a nasty Trojan. This isn't the first time criminals have tried to abuse AdWords, judging by Google's stated practice of looking for this behavior.
It's going to take more than a blog post to engender ongoing trust in paid search ads. Good luck with that. 
No comments yet. Be the first to comment!