Atlanta-based Exploit Prevention Labs says criminals have been using Google's AdWords program this month to snoop on Web surfers with the hopes of eventually breaking into their bank accounts. The company says it has evidence of a concerted effort to install "malware" on surfer's PCs from April 10 through April 24 but that it doesn't know whether anyone's bank account has actually been breached.

Here's how the potential crime was supposed to work: Searches for business- and car-related words produced ads next to search results for legitimate pages like Cars.com and the Better Business Bureau's Web site. But when users clicked on those ads, Exploit Prevention says they were first redirected to a Russian site called SmartTracker.org. That site would download a program onto the user's machine before sending them on to their destination site. When users later visited one of a hundred major banking sites the software was designed to target, the program would spy on them using a "post-logger," a program that inserts fake entry fields into Web sites and records passwords.

Google said in a statement Thursday that it had removed the fraudulent ads and is "continuing to monitor the situation closely." The company also said it is "committed to ensuring the safety and security of our users and our advertisers," and is working to remove malware infected pages from both its ad network and its search results.

Get the full story at Forbes