Malicious advertisements are being shown on popular websites such as Amazon, YouTube and Yahoo as part of a sophisticated malware campaign.
Security firm Cisco claims that the ads cause the user to be redirected to a different website, triggering a malware download dependent on if the computer is running Windows or Apple's OS X.
Armin Pelkman, a threat researcher, added that the network has been dubbed "Kyle and Stan" due to those names appearing in subdomains of over 700 malicious websites that the attackers have set up.
"The large number of domains allows the attackers to use a certain domain just for a very short time, burn it and move on to use another one for future attacks," he wrote. "This helps avoiding reputation and blacklist based security solutions."
Cisco did not name the advertising network responsible for serving the malicious advertisements. Although ad networks generally filter out any ads distributing malware, occasionally some are accidentally let through. In total, 74 domains, were serving the advertisements.
When a victim clicks one of the ads, the computer downloads a piece of malware with a unique checksum, making it harder to detect. The download also sometimes contains a legitimate piece of software.
Cisco confirmed that the Kyle and Stan network was originally discovered in May, but that the attacks have since continued.
Pelkman added that it would not be an easy campaign to stop.
"All in all we are facing a very robust and well-engineered malware delivery network that won't be taken down until the minds behind this are identified."