I just decided in the last minute that I am not going to write this article you are reading. Instead I am going to copy the links to 2 different video presentations and I am going to leave you with the real experts in this area.
Both presentations are by RiskIQ personnel. If you are currently working in cyber security these videos are a must see for you. They do not only get into the technicalities of malvertising but they also provide you with the context you need to understand the whole advertising business and how it is possible to deliver malvertising.
These are real attacks bypassing perimeter defenses, real cyber security or Internet security. This has nothing to do with malware itself, it is about the delivery mechanisms used by cyber criminals to compromise your organization. This happens on internet and you are subject to experience these attacks everytime you are surfing whether you are in or out of your security perimeter.
Modern Malvertising … – Arian Evans & others – OWASP AppSec California 2015
Modern Malvertising and Malware web-based exploit campaigns – James Pleger – AppSecUSA 2015