"In the past few months, more than 1% of all search results contained at least one result that we believe to point to malicious content and the trend seems to be increasing," said Niels Provos, a security engineer at Google, in a blog post.
Provos said that in the year and a half since Google began tracking malicious Web pages, the company has found more than 3 million unique URLs on more than 180,000 Web sites that attempt to install malware on visitors' computers.
Provos co-authored a technical paper, "All Your IFRAMEs Point To Us," with Panayiotis Mavrommatis, a Google colleague, and two Johns Hopkins University computer scientists, Moheeb Abu Rajab and Fabian Monrose. The paper describes the increasing impact of "drive-by downloads," the exploitation of Web browser vulnerabilities to download and run malware automatically on the computers of Web site visitors.
Remarkably, Provos and his co-authors acknowledge that Internet advertising, Google's lifeblood, is contributing to malware distribution. This is an issue that has been raised by security companies recently, but to hear it coming from Google is unusual. In general, industry-backed research tends to confirm business models rather than call them into question.