please forgive my ignorance, if my prejudice is in any way misguided, but i am under the impression that the attack vector, in actual fact, is flash, as i cannot see how a simple image, or even a "normal" video, could possibly compromise a target machine, whereas i understand adobe is full of holes, deliberate or otherwise.
or, to put it another way, i've never seen a machine compromised, to date, after wiping adobe (hack, spit) from the system.
while i'm at it - am i correct to believe the company was actually responsible for jailing a man, a foreign national, without charges, for well over a year, in direct response to his having exposed the insecurity of an adobe "security" mechanism?
You are forgetting a whole class of those malware attempts (not ads, ads are just a subclass of malware) that masquarade as parts of windows, updates, parts of anti-virus programs, nVidia driver updates, etc. You know, the ones that old people can't quite figure out so they click anyway just to be sure.
You don't need a security hole if you can convince the user the malware is legit and should be installed.
The thing is, that type of festering garbage comes through the SAME ad network as the ads for the newest iPhone
It's getting to the point where I am going to have to teach my parents that nothing ever should be clicked on if it happens while they are web browsing. Sitting there looking at MS Word documents, sure, it's probably legit. On a web site somewhere (doesn't matter which one) then no, not legit and is an infection attempt.