The risk of malicious ad networks infecting end users has been detailed in research presented at the virus Bulletin conference.
The research by Bromium explained how a malicious ad network on YouTube would deliver obfuscated JavaScript code through Flash movies. The code added an iframe to redirect users to a malicious URL serving the Styx exploit kit, a well-known banking Trojan.
In the past six months, the percentage of malicious pages detected on YouTube has decreased overall, even as more Trojans have been created, which suggests attacks have improved in obfuscating malicious content.