New malware attack uses Google AdWords

Scammers are now using Google AdWords to distribute malware. The new campaign uses the service to spread a compromised copy of the popular WinRAR compression software, directing anyone who clicks their ad links to a fake version of Download.com where they are prompted to download the software.

When downloaded, the user does indeed receive a full copy of WinRAR, but with malware along for the ride. The installation also installs a program called explore.exe into the system32 folder. The program immediately performs a browser hijack by altering the hosts file so that popular homepage sites like Yahoo.com and Google.com instead point to a fake Microsoft Security Center site.