Technically, this guy is only mostly right. The malware wasn't ON the AD web site. It came through AD. Google doesn't put malware on the site. The people who actually own the site (the hosting service), and/or the people who administer the site can unknowingly allow malware, or place malware...