"There are millions of ads being served and there are multiple ways that hackers can modify their ads to bypass detection," he said.
For example, a malicious ad might seem legitimate at first, but only manifest as evil several days later, or only once for every 20 or 30 loads.
That means that advertising networks need to keep a close eye on their ads for as long as they are running.
"And it will reduce their performance and hurt their ability to scale," he added. "They know they have this problem and don't have a solution yet."
Meanwhile, the only way for users to protect themselves is to keep their antivirus up-to-date and hope that the hackers aren't using a zero-day exploit.
Sign up for Computerworld eNewsletters.