The Mudcat Café TM
Thread #116316   Message #2498139
Posted By: JohnInKansas
19-Nov-08 - 09:38 PM
Thread Name: Tech: Viruses and links
Subject: RE: Tech: Viruses and links
But hovering over one of the Google ad links probably won't show you the target, since it's usually about 450 or more characters in the URL and your status bar buffer ain't that big. If you get a blank, it's probably because the buffer overran and the URL just doesn't display. (You can right-click and "Copy Shortcut" and paste it in notepad if you're curious about what it really looks like.)

And if it does show a target, the target it shows there is to a Google server that isn't the target - the Google server just logs the "hit" (to send Max the cut and to bill the real target) and then does an instant redirect that takes you to whoever pays for the ad hit.

So far as I've been able to decipher, the actual target is just a very long number in a Google list, and there's no clue in the "URL" about where it's going to end up.

Google can pretty much be trusted, since they don't get paid if they don't get you to the real sponsor for the ad; but others could use the same, or very similar, redirect methods if they can induce you to click on an innocent-looking link - if they can get the link onto a page that you visit.

You also don't generally get a target you can read on sites that use j-script links. Usually the java links are "local links" within the site, but they can take you elsewhere.

Since you can view the source code for any web page, Ctl-A, Ctl-C gets an almost identical page that can be posted anywhere - as on a malware server. (You might have to create a style sheet or two to make it look really authentic.) If they can get you redirected to their phony copy of a legitimate page, they have a very good chance to trick you into letting them put almost anything on your machine(s) or to get lots of information from you.

Bank, broker, and credit card home pages are favorite kinds for this phony page trickery, and of course they know what bank they "replicated" so if you take the bait and "log in" they've got all they need. Even if only a tiny fraction of people they get redirected to a phony page actually have an account with the place they've simulated, the few who do - and the fewer who log in - can make for pretty lucrative scamming.

Most commonly, this kind of faking appears as links in email, since it costs virtually nothing to send email to lots of people with a good chance that some of them will click the link to your phony page. Invading a legitimate site to place phony links on it - without detection - is a little more work.

MySpace, and other "social networking" sites, where "friends" can paste cutesy pictures and comments with links (to their own page or elsewhere) have a real problem with links to malware. Much of the stuff that's "pasted" is via links to sites that may or may not be legitimate. Sending a comment to someone's personal page is about as easy as sending an email, and an image can contain embedded malware or can link to a malicious site. Many users at such sites (esp. in the "personal looking for friends" sections) are so "clueless" they allow the junk "from a friend" they never heard of to be posted on their page and thereby made accessible to innocent real friends.

John
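
The link checks described in the post above, as an added example that is not part of the original message: a small auditor that reads a saved page or HTML email and reports script links, links whose visible text names one host while the href goes to another, and redirector links that carry the onward URL in a parameter. The names `LinkCollector`, `host_of` and `audit` and every hostname in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

SAMPLE = """
<a href="http://login.mybank.example/">http://login.mybank.example/</a>
<a href="http://203.0.113.7/login">www.mybank.example</a>
<a href="javascript:go(42)">Next page</a>
<a href="http://ads.example/click?dest=http%3A%2F%2Fshop.example%2F">Great deals</a>
"""  # constructed sample page; every hostname in it is made up

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or of a bare 'www.site.example/page' string."""
    return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()

def audit(html):
    """Return (href, finding) pairs for links whose real target is not what is shown."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        real = (parts.hostname or "").lower()
        # Only treat the visible text as a claimed target if it looks like a host or URL.
        shown = host_of(text) if "." in text and " " not in text else ""
        if parts.scheme.lower() == "javascript":
            findings.append((href, "script link: no target to read on hover"))
        elif shown and shown != real:
            findings.append((href, f"text shows {shown} but href goes to {real}"))
        for key, val in parse_qsl(parts.query):
            if val.lower().startswith(("http://", "https://")) and host_of(val) != real:
                findings.append((href, f"parameter '{key}' redirects to {host_of(val)}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A redirector that identifies the destination only by an opaque number, as the post describes for the ad links, gives a static check like this nothing to compare, so a clean result here does not show where such a link ends up.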