Virus writers have been gaming Google‘s “sponsored links” — the paid ads shown alongside search engine results. They are aiming to get their malicious software installed on computers whose users click onto ad links after searching for legitimate sites such as, the official Web site of the Better Business Bureau.

Sponsored links allow customers to buy advertisements attached to a particular search term. When a Google user enters a term into the firm’s search engine, the ad belonging to the advertiser that bid the highest price for that search term appears at the top of the list of search results.

According to a report at Exploit Prevention Labs, while the top sponsored links that showed up earlier this week when users searched for “BBB,” “BBBonline” or “” appeared to direct visitors to those sites, they initially would route people who clicked on the ads through an intermediate site. The intermediate site attempted to exploit a vulnerability in Microsoft Windows to silently install software designed to steal passwords and other sensitive information from infected PCs. The attackers exploited a flaw in Microsoft’s Internet Explorer Web browser, a problem that the company issued a patch to fix last June.

continued @