According to this report from BitDefender, 12% of all malware spreads via “malicious advertising”. While I’ve seen my share of suspicious banners, this still seems like a pretty large percentage.
While the report is very thin on details about this particular issue, my experience is that these are largely “normal” banner ads with some additional Flash or Java content.
This raises an interesting issue: who is responsible for a PC that was infected via a malicious banner? The owner of the website, for hiring the wrong ad network? Or the company that actually delivers the malware ads to the PC? One thing is clear: the web isn’t getting any safer, despite all the improvements in OS and browser security we’ve seen in the past years.