Malvertising and corporate security a no-win situation right now

Posted by Court Little on Wed, Feb 03, 2010 @ 09:12 AM

It's not new, and yet it is. In the security community, malicious ads, malvertising, scareware and other names describe a "new" form of attack on users that comes through compromised ads on their favorite websites. Some liken it to a nastier form of spyware, which has also been spread in this manner. By visiting a website, you're served an ad. If that ad is compromised or malicious, it can run code on your box and infect your PC, which some have termed "drive-by downloading". These ads can be legitimately paid for but carry a malicious payload because the advertising companies don't monitor the ads for security violations, or they can be legitimate ads that have been compromised.

A quick Google search for malicious ads will send you reading about this phenomenon, which is affecting tons of different sites. Many of them you are sure to have visited at one time or another, such as the NYTimes, or unknowingly hit every day, such as DoubleClick. Antivirus does little to nothing to curb this attack vector. For now, it's just a weakness within the design of the way the Internet works.

Here's a quick example of the threat. Sure, you may trust ESPN, and you just don't surf questionable sites. But the question is, do you trust:

• http://a.dlqm.net 
• http://a.espncdn.com
• http://ad.doubleclick.net
• http://adsatt.espn.go.com
• http://amch.questionmarket.com
• http://ar.voicefive.com
• http://b.voicefive.com
• http://broadband.espn.go.com
• http://espn.go.com
• http://games-ak.espn.go.com
• http://log.go.com
• http://static.2mdn.net
• http://streak.espn.go.com
• http://w88.go.com

Never seen them before? Well, your browser has - they are just some of the sites that ESPN forces you to visit and run scripts from when you hit their homepage. I'm sure that if we clicked through the site, that list would grow as various ads are sent to me. So the quick lesson is: the bigger the site, the more sites it makes you visit, without most end users having any clue.
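To build this kind of list for any page, you can count the hosts its markup pulls resources from. The following is an added example, not part of the original post: the sample markup and URL paths are constructed, and the "last two labels" rule for deciding what belongs to the same site is a simplifying assumption.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that make the browser fetch a resource, and the attribute holding its URL.
FETCHING = {"script": "src", "iframe": "src", "img": "src", "embed": "src", "object": "data"}

class HostCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = defaultdict(set)  # hostname -> tags that referenced it

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(FETCHING.get(tag, ""))
        if not url:
            return
        # urljoin resolves relative and protocol-relative ("//host/x") URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host:  # data: and javascript: URLs have no host
            self.hosts[host].add(tag)

def site_of(host):
    # Assumption: the last two labels name the site. Real tooling should use the
    # Public Suffix List, and this rule counts a site's own CDN as third-party.
    return ".".join(host.split(".")[-2:])

def audit(page_url, html):
    """Return (first-party hosts, {third-party host: tags that load from it})."""
    collector = HostCollector(page_url)
    collector.feed(html)
    own = site_of(urlsplit(page_url).hostname)
    first = sorted(h for h in collector.hosts if site_of(h) == own)
    third = {h: sorted(t) for h, t in collector.hosts.items() if site_of(h) != own}
    return first, third

# Constructed sample: hostnames come from the list above, the paths are made up.
PAGE_URL = "http://espn.go.com/"
SAMPLE = """
<script src="/scripts/local.js"></script>
<script src="http://a.espncdn.com/js/main.js"></script>
<script src="//ad.doubleclick.net/adj/banner.js"></script>
<img src="http://ad.doubleclick.net/ad/pixel.gif">
<img src="http://log.go.com/log?x=1">
<iframe src="http://static.2mdn.net/frame.html"></iframe>
<a href="http://b.voicefive.com/">a plain link, not fetched on load</a>
"""

if __name__ == "__main__":
    print(audit(PAGE_URL, SAMPLE))
```

This only sees hosts named in the static markup; hosts that scripts add at run time, which is how most ads arrive, show up only in the browser's own network log.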

Major powers such as Microsoft and Google are well aware of the issue and are doing their own things to combat it. The cyber security community has been watching this for some time now as well. What's interesting and scary at the same time is that the defense for this type of attack is still largely juvenile and not really applicable in a corporate environment. Norton and the major anti-virus players will be happy to sell you additional software to protect PCs from Internet malware, but who wants another 3,000-seat software license installation? No one - it's expensive to purchase and administer.

Tech sites and different browsers have various how-tos and plugins (NoScript and Adblock for Firefox) that can be installed to prevent or minimize these issues (i.e. stopping scripts from running without your approval). But the more you lock things down to protect yourself from these concerns, the more the Internet "breaks" in your browser. Preventing scripts from running without prior consent is what NoScript does - and this would send the average Internet user into a breakdown, giving up and thinking the entire Internet was broken because their usual websites no longer "work."

There is a definite learning curve to surfing the net securely with these add-ons and knowing when to reduce their security and when not to.

What's the bottom line? Basically, there aren't a lot of corporate-level solutions! Time will tell as we see more choices added to the mix.
