Late last month, we learned that sponsored advertising links on Google can yield malware, but we didn’t know exactly how easy it was to set up a malicious link.

Research Didier Stevens found out. For six months, he ran a Google Adwords campaign advertising, in bold, hyperlinking, underlined text, “Drive-By Download.” If that wasn’t enough, campaign used the following text to sell the ad to Google users: “Is your PC virus-free? Get it infected here! Drive-by-download.com”.

Of course, Stevens is one of the good guys. His page wasn’t the least bit malicious. If that wasn’t the case, 400 more PCs would be infected with malware.

Here, straight from his blog, are the results:

“During this period, my ad was displayed 259,723 times and clicked on 409 times. That’s a click-through rate of 0.16 percent. My Google Adwords campaign cost me only $23 (17 Euros. That’s 0.04 Euros per click or per potentially compromised machine. Ninety-eight percent of the machines ran Windows.”

Allysa Myers at the McAfee Avert Labs blog guessed that some surfers may think they’re immune from links such as this one:

“I also wonder what percentage were clicks from people using browsers or OSs they consider to be immune to such things – I suspect a notable number. Something akin to people driving less cautiously around bicyclists who wear helmets, since they consider those bikers to be better protected.”

Alas, Google cut off the experiment on Wednesday.