I don't know why you're implying malvertising only hits random jackasses. Google has been hit several times by exploit kit-based attacks over the last few weeks.
I was throwing Google in the jackasses pile, in the context of building their whole business around an advertising model that has their potentially insecure code/assets inserted into the vast majority of all websites. Maybe they're not random jackasses though.
But seriously, the whole infrastructure of our online ad system just feels like a terrible idea to me. Advertisers want their analytics data from having all the requests hit their servers though, so it's not going anywhere unless Patreon and similar catch on in a big way.
Has Google actually served exploits, or is it just their selling ads for fake downloads of Firefox, VLC, etc with malware in the installers?
Google Adsense/Adwords (I always mix up the two, really host/advertiser portals to the same service) isn't the same as DFP (formerly doubleclick) which does open things up to affiliate networks and isn't as tightly controlled.
Google ads linked to site that contained a malware laden download of google ads directly served an exploit? The parent is talking about the latter, which I have not heard of happening to Google. Do you have a link about that?
I do remember hearing about the ad for a third party Firefox download bundled with a malware toolbar. Which, while bad, is quite different.
