Of course..
Of course, it could never happen to El Reg, could it?
Oh wait... http://www.theregister.co.uk/2004/11/21/register_adserver_attack/
Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm. The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's …
AdBlock + NoScript = WIN.
Also,
> "With DoubleClick ad management, publishers are in control of what content they are serving and are therefore ultimately responsible for determining what advertising appears on their site,"
Yes, no wonder the facetious git didn't want his name used. Is he seriously claiming that there's an option in the publishers' googleads account settings for "Include malware banners (Yes/No?)" and it's all the publishers' fault for having left it on instead of off? Because he certainly *sounds* like he's saying it's all their fault for having *chosen* to get malicious ads from Google's advertising network. No wonder he didn't want to be named, he knows how stupid he must have sounded.
"He went on to say that DoubleClick does employ a security monitoring system that screens all ads, and in cases where it identifies problem banners, they are pulled immediately."
It's a shame he didn't go on to apologise for this system being a useless sack of shit that's not fit for purpose. An existing Trojan targeting an old vuln and they *still* didn't spot it? You could forgive 'em not picking up the odd zero day, but this?
DoubleClick were always greedy scum peddlers. Being owned by Google doesn't make them any more than Google-branded greedy scum peddlers. They've been blocked on my router for some years now and I've still seen nothing that would make me think about changing this (notwithstanding that the whole "getting off my arse and doing it for no benefit" bit is unlikely to happen in any event).
I have to echo the above comments about the goodness of AdBlock Plus and NoScript. I've been running both for a couple of years, and I've yet to experience a "drive-by download" type infection. I wish our IT manager would make that setup mandatory for all web browsing here.