The life cycle of this thing apparently works like this:
1. User clicks on AdWords or Google advertising result.
2. An intermediate link along a chain of redirects to the "landing page" for the ad installs malware using an exploit of Microsoft Internet Explorer.
3. The malware runs on the user's machine, collects credit card info and such, and sends it somewhere.
4. The malware also attempts to find out if the user's machine has a Google AdWords account.
5. If the user's machine has a Google AdWords account, the malware connects to Google AdWords and buys more AdWords.
6. The AdWords the malware buys use intermediate links to sites that install the attack.
1. User clicks on AdWords or Google advertising result...
Wash, rinse, repeat.
These attacks are getting smart enough to go into business for themselves.