Several large websites have been hit by an attack that made them display malicious adverts that led to some visitors being infected with ransomware.
Sites hit included MSN, BBC.com, the New York Times, AOL, Newsweek and several others.
The malicious adverts were piped to the sites via four separate ad networks, say security researchers.
The attack was aimed mainly at people browsing these sites in the US.
Reports from three security companies detailed the attack that sought to get its malicious adverts displayed on more than 13 separate sites, many of which have millions of visitors every day.
Analysis by Trustwave researchers suggested the attack managed to put ads on so many sites because the perpetrators behind it gained ownership of a web domain that used to supply legitimate adverts.
The former owners of this domain did not renew it in January, letting it fall into the hands of the criminals.
"This provides them with high quality traffic from popular websites that publish their ads directly," wrote Daniel Chechik, Simon Kenin and Rami Kogan in a blogpost.
Researchers at Malwarebytes and Trend Micro found several other domains being used to supply the booby-trapped adverts.
The ad networks involved have been informed about the malicious adverts they are inadvertently supplying. Some have already taken steps to stop the malicious adverts popping up.
Anyone clicking on a malicious advert was taken to a separate page that attempted to infect them with either a variant of ransomware known as Cryptowall, or a trojan that gave attackers remote access to their computer. Both attacks only worked against Windows computers.
To avoid falling victim to future attacks, people should uninstall potentially unsafe programs such as Flash, Java and Microsoft's Silverlight, that cyber thieves regularly exploit, said the security firms. In addition, they said, users should make sure they keep their web browsers up to date.