I Just read this
It describes how they discovered a bug. They knew this bug would be searched for. So they made a page about it and did some of the standard search engine boosting things to get people to the page.
Now suppose a bad man discovers an exploit. Say “firefox extension update” exploit. Now he creates a piece of malware that exploits this exploit. He also creates a page about this exploit and about the malware that includes a patch. There are so many bleeping computer type forums and such that he does not even need to fake a legitimate looking url. Now he has 2 pieces of malware being spread the exploit and the patch. And google will lead people to the malicious patch.
I doubt the malware would stay up for long but the use of search engine optimiziation to spread malware is probably going to happen.