Millions of users have been exposed to malvertising through such sites as Microsoft's MSN portal, the New York Times, the BBC, AOL, Comcast's Xfinity, NFL, Realtor, the Weather Network, The Hill, and Newsweek.

According to Trend Micro, Trustwave, and Malwarebytes, crooks have managed to show malicious ads using four different advertising networks which include Google, AOL, Rubicon, and AppNexus.

These ads have hijacked the user's browsing experiences and led them to malicious sites hosting the Angler EK (exploit kit). Security researchers say that most of the time they saw the Bedep malware. Bedep is a clickfraud bot that shows unwanted ads, and hijacks the user's mouse, clicking on the ads and generating revenue for the malware's operator.

The chart below shows the rapid spike in malvertising:



Source: SoftPedia