IT's 9 biggest security threats

Hacking has evolved from a one-person crime of opportunity to an open market of sophisticated malware backed by crime syndicates and money launderers

By Roger A. Grimes, InfoWorld |  Security

Because many of the evildoers present themselves as businessmen from legitimate corporations, complete with corporate headquarters, business cards, and expense accounts, it's not always so easy to separate the legitimate ad sources from the bad guys, who often begin advertising a legitimate product only to switch out the link in the ad to a rogue product after the ad campaign is under way. One of the more interesting exploits involved hackers compromising a cartoon syndicate so that every newspaper republishing the affected cartoons ended up pushing malware. You can't even trust a cartoon anymore.

Another problem with hacked websites is that the computers hosting one site can often host multiple sites, sometimes numbering in the hundreds or thousands. One hacked website can quickly lead to thousands more.

No matter how the site was hacked, the innocent user, who might have visited this particular website for years without a problem, one day gets prompted to install an unexpected program. Although they're surprised, the fact that the prompt is coming from a website they know and trust is enough to get them to run the program. After that, it's game over. The end-user's computer (or mobile device) is yet another cog in someone's big botnet.

Threat No. 9: Cyber warfare

Nation-state cyber warfare programs are in a class by themselves and aren't something most IT security pros come up against in their daily routines. These covert operations create complex, professional cyber warfare programs intent on monitoring adversaries or taking out an adversary's functionality, but as Stuxnet and Duqu show, the fallout of these methods can have consequences for more than just the intended targets.

Crime and no punishment

Some victims never recover from exploitation. Their credit record is forever scarred by a hacker's fraudulent transaction; the malware uses the victim's address book list to forward itself to friends and family members; victims of intellectual property theft spend tens of millions of dollars in repair and prevention.


Originally published on InfoWorld.