Stevens created an advertisement on Google AdWords offering users the chance to infect their PC with malware simply by clicking on a link.
The ad stated: 'Is your PC virus-free? Get it infected here!'. The ad was displayed 259,723 times and 409 people clicked on the link.
The site contains no malware, but security experts warned that similar methods are used by hackers to get users to visit sites containing viruses and malware that infect the user's machine.
Stevens ran the ad for six months for around $23, which means that it cost only six cents per click or per potentially compromised machine.
"I designed my ad to make it suspect, but even then it was accepted by Google without problem and I got no complaints to date, and many users clicked on it," Stevens wrote on his blog.
"Now you may think that they were all stupid Windows users, but there is no way to know what motivated them to click on my ad. I did not submit them to an IQ test."
Lenny Zeltser, a security consultant at Gemini Systems, said: "Perhaps there is no need for attackers to create advanced redirection chains or elaborate deception schemes. As Stevens's experiment confirmed, people will click on anything."
Google has since disapproved and removed the ad, stating that it violates AdWords editorial guidelines.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally