"It worries me that I am seeing complaints about malvertizing-like symptoms all over the net implicating - not only Newsweek, but at other big name sites like MSNBC, Facebook, lime.com, Hotmail, MySpace and Yahoo," Sandi Hardmeier, of the Spyware Sucks blog wrote here. Hardmeier said the ads are extremely hard to spot because they can sit dormant for days before the attacks begin. The use of multiple affiliates to buy and sell online ads also makes it hard for sales staff at established websites to separate legitimate ads from those that are designed to defraud or attack.

http://www.theregister.co.uk/2008/08/18/malvertizing_epidemic/

"Illegitimi non carborundum". FlashBlock and NoScript extensions of Firefox allow one to block plugins (such as Adobe Flash [used for malvertizing]) even on "trusted" sites.

DH

I would expect that at least in some cases plug-in media can play with no user action (click) required and a number of plug-in media types may or may not contain scripting which could run also without clicking.

DH