Browser-based content security policies can be used to detect if webpages are being modified, said RiskIQ's Manousos.
"But a lot of the ad injection companies have found ways around [content security policies]," he added. "Just like anything, it's a cat-and-mouse game."
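One way a site could use a report-only content security policy to notice injected scripts, as an added example that is not from the article or from any vendor it mentions. The host names, the `/csp-report` path and the sample reports are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Report-only header: violations are reported to the site, nothing is blocked.
# cdn.example.com and /csp-report are assumed names for this example.
POLICY_HEADER = ("Content-Security-Policy-Report-Only: default-src 'self'; "
                 "script-src 'self' https://cdn.example.com; report-uri /csp-report")

# Directives where a violation means foreign active content or frames appeared.
WATCHED = {"script-src", "script-src-elem", "frame-src", "child-src"}

def origin_of(blocked_uri):
    """Reduce blocked-uri to scheme://host; keywords such as 'inline' pass through."""
    parts = urlsplit(blocked_uri)
    return f"{parts.scheme}://{parts.hostname}" if parts.hostname else blocked_uri

def injected_origins(raw_reports):
    """Map each unexpected origin to the set of pages on which it was reported."""
    seen = defaultdict(set)
    for raw in raw_reports:
        try:
            report = json.loads(raw)["csp-report"]
            # Older browsers send only violated-directive, with the full source list.
            directive = (report.get("effective-directive")
                         or report.get("violated-directive", "")).split()[0]
            origin = origin_of(str(report["blocked-uri"]))
            page = str(report.get("document-uri", "unknown"))
        except (ValueError, KeyError, TypeError, AttributeError, IndexError):
            continue  # report endpoints are public and receive malformed bodies
        if directive in WATCHED:
            seen[origin].add(page)
    return dict(seen)

def _report(page, key, directive, blocked):
    """Build one constructed report body in the report-uri JSON shape."""
    return json.dumps({"csp-report": {"document-uri": page, key: directive,
                                      "blocked-uri": blocked}})

# Constructed sample bodies, as a report endpoint might receive them.
SAMPLE = [
    _report("https://shop.example.com/", "effective-directive", "script-src",
            "https://ads.injector.example/inject.js"),
    _report("https://shop.example.com/cart", "violated-directive",
            "script-src 'self' https://cdn.example.com",
            "https://ads.injector.example/inject.js"),
    _report("https://shop.example.com/", "effective-directive", "style-src", "inline"),
    "not json", "[]",
]
```

An origin that shows up on many pages or from many clients, and is on no list the site maintains, is the signal worth investigating.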
Meanwhile, corporate employees have yet another reason to be careful when using public networks.
"You should use VPNs, because VPNs will totally protect against this attack," said Manousos. "It creates a secure tunnel regardless of what WiFi access point you're connected to."
RiskIQ offers a solution that can help a website or corporate network detect if ad injection is going on, he said.
Injected ads pose risks to enterprises because attackers can purchase highly targeted placements, zeroing in on individual companies or even individual employees, and hijacking websites that company employees are most likely to visit.
The company doesn't currently block the injection itself, though it is considering offering such a service.
Another company that can help is Shape Security.
Shape Security works by constantly rewriting the underlying code of the webpage, making it a hard-to-hit moving target not only for would-be ad injectors but also for other automated attacks. The company calls this polymorphism.
"If you can break that automation, you can make the ecosystem for attacking websites much more difficult for attackers," said company Vice President Shuman Ghosemajumder.
Google's crackdown on browser extensions is a good start, but it doesn't address all sources of client-side injected ads and malware, said Chemi Katz, cofounder and CEO of Namogoo Technologies, which offers a service to enterprises that protects websites from all unwanted changes.
"While Google is aware of 192 unique signatures, we are aware of over 25,000 different ones," he said.
Namogoo handles both browser-based and network-based injections, said Katz.
Namogoo's Katz declined to explain how his company's service works, other than to say that website owners only need to add a line of code to be protected.
"The technology comes as part of the page," he said. "It runs silently and identifies any anomalies and blocks them."
It works to protect against injections from malware, browsers and toolbars, as well as from Internet access providers, he said.
And that includes Flash Networks' Layer8, said Namogoo COO Ohad Greenshpan. "Our technology serves publishers and provides them the technology to serve their pages as they intended."
Advertisers need to protect themselves as well. Though the ads can seem like a bargain, disreputable networks are least likely to be protecting against click fraud, and there can be reputation damage when ads are injected into sites where they clearly don't belong, or are overly intrusive.
"If you want to really stop the problem, you have to stop the flow of money," said RiskIQ's Manousos.