14 DAY TRIAL // The vulnerability of the Google services are more and more threatened but it seems like it is getting worse as the hackers are now aiming to exploit the AdWords accounts and steal the passwords. According to a WebmasterWorld forum thread, two of the users' accounts were hacked while the advertising campaigns were entirely modified. GregOne, a forum member, reported that his AdWords account was hacked although the password wasn't changed. The user sustained there were some new running campaigns bundled with new credit card billing info, name and address. The campaigns were redirecting the users to some malicious websites that are trying to install an infected ActiveX on the users' computers. More than that, the administrator discovered that its "hosts" file blocked the access to the official page of AdWords using a simple line (127.0.0.1 adwords.google.com).
"The password wasn't changed as I was able to login and see some new campaigns setup & running since yesterday. I didn't setup these accounts and got emails stating some ads weren't approved by Google. I looked in the credit card billing info area and noticed someone elses credit card info, name and address. The funny part is on my desktop I can't access the subdomain adwords.google.com, my comp is probably infected with something nasty. I'm trying to get rid of that activex remotedesktop installation. Not sure if I did," the WebmasterWorld member sustained in the post.
It seems like the exploitation of the accounts didn't leave any trail because the GregOne scanned his computer with McAfee, a powerful antivirus solution that sustained the system is clean. However, another forum member confirmed the problem, sustaining his account was hacked too but with a different type of attack, avoiding to give more information.