Brian Kreb's has a blog today "Virus Writers Taint Google Ad Links" that documents attempts by criminals to put malware into Google sponsored ad links for people searching for the Better Business Bureau.
"According to a report at Exploit Prevention Labs, while the top sponsored links that showed up earlier this week when users searched for "BBB," "BBBonline" or "Cars.com" appeared to direct visitors to those sites, they initially would route people who clicked on the ads through an intermediate site. The intermediate site attempted to exploit a vulnerability in Microsoft Windows to silently install software designed to steal passwords and other sensitive information from infected PCs. The attackers exploited a flaw in Microsoft's Internet Explorer Web browser, a problem that the company issued a patch to fix last June."
Brian ends his blog "This certainly is not the first time virus writers have used ads to spawn their wares. Last summer, Security Fix discovered that more than a million Windows users had been infected with spyware thanks to a malicious banner advertisement shown for several days on high-traffic sites like MySpace.com and Webshots.com."
How can users protect themselves from these attacks? There is no easy answer. Unfortunately web based attacks are rising rapidly and will become very common throughout this year.