Online ads are an avenue for viruses

The problem of malware-infected adverts – which are often loaded from external databases – has been well documented in the internet industry, but Alwil says that the problem is now spreading to Google ad serving platforms as well.

The rising problem, the IT security vendor claims, is down to negligence and poor security on the part of the major online advertising agents.

Alwil says that the infected adverts end up infecting innocent users visiting leading websites such as Google and Yahoo.

And, the firm adds, because the most compromised services are Yieldmanager.com (part of Yahoo) and fimserve.com (part of Fox Audience Network), more than 50% of online ads could be affected.

The researchers also claim that the list of poisoned ad services is quite extensive and includes advertangel.com, bannerimg.com, jambovideonework.com, myspace.com, vestraff.com and zedo.com.

Jiri Sejtko, senior virus analyst with Alwil, said that the poisoned ad infiltration method is growing in popularity because it does not require users to click on anything. "Users can get infected just by reading their favourite (online) newspaper or by doing a search on popular topics; the infection begins just after the poisoned ad is loaded by the browser", he said.

Avast Virus Labs is marking the attack methodology as JS:Prontexi, noting that it is JavaScript attack code that acts as a channel for malware attacks on vulnerable software such as Adobe and a range of other zero-day exploits.

"JS:Prontexi highlights the lack of care shown by advertising services providers to actively screen the content they are distributing", said Sejtko.

"Serving up infected content like this is a double hazard for advertising companies. In addition to reducing consumer trust in their services, they run the risk of being flagged or even blocked by antivirus programs as a source of malware", he added.

According to Sejtko, consumers should not immediately accuse their antivirus program of a false positive when a familiar site gets blocked.

There can be a real danger, he explained, as Avast and Kaspersky both blocked yieldmanager earlier this year because of these attacks.

And, he warned, if these advertising services get too infected, the easiest way to protect users is to block them completely.
