This is very scary: you visit a web site on an infected computer, and suddenly all the ads (e.g. about data science conferences) are replaced by irrelevant, crappy ads (e.g. about weight loss). For about 0.5 second, you can see the original ads, but they quickly get over-written by the fraudulent content. It impacts display ads, as well as contextual ads on many websites, but only on infected computers, and only (for now, but it's getting worse) when using Firefox (a month ago, it did not impact display ads). Also, I believe that ads served by DoubleClick trigger the virus, as if the virus was trained to recognize these ads and overwrite them. See below an example of ad substitution performed by this virus, on one of our websites when viewed on an infected machine (I love infected machines, you can't believe all the interesting fraud cases you can unearth from them):
The reason why it is very scary, is because in a few months, you will probably see this type of virus (undetected by McAfee and other antivirus software) target bank websites and quickly replace the login/password box with a fake login/password box: the purpose would be to capture your login info to connect to your bank account and make fraudulent money transfers. And you won't suspect anything as the corrupted webpage will look exactly like the real one, and even the URL displayed in your browser's URL box will truly be the real one.
The interesting thing about this fraud case is that for now:
Indeed, in this case, the scammer in question was an ad network in Israel, and here's a screenshot of their website, as of today:
It will be interesting to see how "big data" can help detect these fraudsters. Currently, fraud detection algorithms seem not sophisticated enough (or the risk not high enough) so that these fraudsters can do their business and even advertise it, in broad daylight.