Google recently admitted that hackers successfully hijacked AdWords, which allowed cyber criminals to use affected links to redirect users to web sites that contained malicious software. Google immediately shut down the offending links once they were discovered early last week.
At least 20 specific search terms that appeared on Google as legitimate ads, redirected users to smartattack.org, which distributed the malicious code. Users were sent to the legitimate site thereafter the damage was done.
The flaw appears to only have affected users of the Microsoft Windows XP operating systems. The web exploit was discovered by Exploit Prevention Labs, a security firm. They said they found the threat earlier this month when searching the phrase “how to start a business.” One of the hyperlinks related to the search term led to a site that attempted to install a keylogger.
"This is an issue we've taken very seriously and will continue to monitor. We are evaluating our systems to ensure that the appropriate measures are in place to block future attempts," Google said.
It is unknown how many people were affected by the exploit. The Mountain View-based company declined to disclose which search terms were involved.