CryptoWall is being spread by malicious advertisements on more than two dozen websites and is using browser-based exploits to infect computers.

Security firm Proofpoint discovered the malicious advertising and had an impact on visitors to at least 22 popular websites including Yahoo’s Finance and Fantasy Sports sites, realestate.aol.com, theatlantic.com, 9gag.com and match.com.

The Proofpoint researchers said: “All told, more than 3 million visitors per day were potentially exposed to this malvertising campaign."

The sites themselves were not compromised, instead the attackers managed to push the malicious ads through at least three major advertising networks and exchanges including Rubicon Project, Right Media (now Yahoo Ad Exchange) and OpenX.

Its estimated by Dell SecureWorks that CryptoWall has infected more than 600,000 computers between March and August, earning cybercriminals over US$1 million.

The researchers said: “It is clear that site owners and ad distributors need to invest in more advanced tools to detect malicious advertisements that are embedded in the ad stream. In particular, site owners cannot and should not assume that the ad networks are taking care of this for them, and should proactively seek tools for online brand protection.”

Some browsers like Google Chrome and Mozilla Firefox allow users to enable click-to-play for plug-in based content, which can stop the automatic execution on exploits that target browser plug-ins.