A report published by Google shows increasing trends in searches that pointed to malicious content. The report also found that Internet advertising is leading to malware distribution.

Niels Provos, a security engineer at Google, said that since Google began tracking malicious Web pages, more than 3 million unique URLs have attempted to install malware. Google began tracking malicious Web pages only a year and a half ago.

Provos also stated that 2% of malicious Web sites were delivering their malware via advertising. “[O]n average, 12% of the overall search results that returned landing pages were associated with malicious content due to unsafe ads,” the report says. Provos alleges that advertising networks are to blame. Due to ad syndication, a single ad goes through several advertising partners. Each piece of this chain can become vulnerable poisoning the ad as it speeds along the network.

In many ways, these vulnerabilities go back to poor patching or the use of outdated server software technologies. For an example, 39.9% of the malware distributor servers who use PHP scripting were using older versions with known security vulnerabilities.

According to the report and Provos, online advertising is not entirely to blame. 1% of all search results contained at least one entry were the content was malicious in nature and the trend seems to be growing.