Tuesday, May 01, 2007

Nope, they're victims too

Hi folks,

Over the last few days, I've had lots of people asking me questions about the targeted sites, such as the Better Business Bureau, with some people mistakenly thinking that the BBB is actually serving exploits to them. That is not the situation at all. BBB (and all the other websites targeted by the scam) had nothing to do with it, and didn't even know their name was being used.

I've also had lots of people asking me what they can do to stay safe from this sort of thing, and the short answer is (1) patch and (2) install LinkScanner (shameless plug). It's actually worth installing LinkScanner even if you do patch because it's nice to know if a website _tried_ to bite you, even if you were not vulnerable.

LinkScanner scans all webpages returned by search engines when you do a query, and the Pro version also scans all TCP/IP traffic in real time anyway. What this means is that even if a bad web page is cunning enough to wait until you actually try to surf to it to launch the exploit, LinkScanner will still see it and block it.

By the way, we've found some more interesting sponsored links (not Google this time), and as soon as we finish documenting them, we'll write about it here.




