Every couple of months, one of my family members asks to me to take a look at their computer. It seems like no matter what browser they use, or what security software they purchase, someone finds a way to infect their system with malware. Malware has become a fact of life for most Windows users and no amount of careful browsing or antivirus protection seems to make much difference.
Although banner ads are one of the more effective ways to attack a user, there are stealthier techniques available that an average PC user will never notice. Most web site visitor tracking programs use a script include tag to load client-side code from the tracking service provider. The browser will connect to the service provider, download the tracking code, and then execute that code in the context of the current web page. This technique is completely transparent to the user and provides an efficient method of tracking web site usage statistics. The same technique can be used by attackers to exploit browser flaws and trigger a malware installation.