It seems to be that ads served by the SD are the source of the malware people see on this site, and the SD claims that it is a victim of malicious advertisers. What if the SD insisted that ads be a simple image only, with no dynamic content, and enforce this through technical measures (e.g. a GetAdvertisement(currentUser) method that verifies that the ad that it is returning is a simple image and/or text)?
Man, of all the days to be asking this. 
I’ve got a Christmas dinner to prepare – and the rest of the staff has family obligations, etc.
We’ll get back to you later. The short answer is that you don’t fully know the situation. I’ll be back tomorrow and we’ll sort this out, hopefully to your satisfaction.
Happy Holidays, everyone.
Here’s a bit of outside reading:
http://www.usatoday.com/tech/news/story/2011-10-31/corrupted-ads/51048084/1
It’s a huge problem. It’s not just us. The incidence of these threats is increasing.
As a proud member of the SDMB Malware Recipient Club, I am absolutely dying to know what the full situation is.
But this has been going on here for ages. Time after time, people with actual tech knowledge have given advice on how to curtail the problem, yet the best response to date is to ban IPs?
Why don’t you switch to an advertising network like The Deck?
http://decknetwork.net/
They do single, targeted ads rather then the standard shotgun approach.
They are proof that advertising doesn’t have to be intruding and excessive.
But do they pay as much as the current ad providers? I think that’s the [del]only[/del] primary concern.
Maybe those people could better spend their time helping the top 500 websites that have the same problems that we have.
Did you even read the articles ?
Perhaps the SDMB is trying to get the most bang for their buck so that they will stay in business and we can keep posting, you reckon?
By giving their visitors malware?
If more folks paid, they may be able to afford better.
Am I sucking up enough, Twicks? 
No. Keep at it; you might convince someone.
I don’t get infected, mainly because I use Linux I think, and I NEVER click on ads, and I rarely enable JavaScript. I also don’t have Flash, or any Flash-equivalent (that I know of) installed here, or at least, it isn’t enabled.
I am wondering this: Do infections happen when a user views a SDMB page with a mal-ad in it? Or does it only happen when a user actually clicks on the ad? I sure don’t see much advertising on SDMB even though I’m a “guest” user, and what little I do see looks like simple plain-text stuff.
TubaDiva, does SDMB get paid simply for displaying ads? Or do you get paid when your users click on those ads and the advertiser sees SDMB is the referrer? Maybe you make your money even if your users all run Ad-Block, or maybe you only make some money when users actually see and click the ads? Depending on which is the case, I think it could make a lot of difference what strategy and importance SDMB assigns to the problem.
Malware can get in without clicking on any ad, yes. AV Protection 2011, for example, apparently propregates by altering a page’s code and is able to install itself without triggering a “are you sure you want this to modify your system” prompt.
WAT? There is a program called ‘AV Protection 2011’ that is actually a blankety-blank VIRUS?
Why do these things even exist? Who makes money off of them?
:mad:
Technically malware but, yeah. Got hit by it myself while visiting a Tropes page.
It’s one of those things that generate false virus reports and try to get people pay to “remove” the “viruses”. A similar thing was hanging around the SDMB a while back.
The Mob, apparently.
“Organized crime gangs have streamlined the process of sneaking viral ads into the distribution system run by advertising networks, causing billions of tainted ad impressions to appear on the top 500 websites over the past 12 months, say technologists and security researchers.”
What, you expected that virus writers would call their programs stuff like ‘nastytrojan.exe’?
I don’t care about the 500 other websites that have the same problem. I visit this site. If I visit any of those other 500 websites and have an issue with them doing nothing more than banning IPs after people have given suggestion after suggestion on how to fix the issue, then I’ll bring up the same complaint I’ve brought up here. Until then, what is THIS board going to do to curtail the problem THIS board is having?
It’s called “scare ware”. Pretty nasty. I got hit with one a year ago.