They’re back—attacks that use booby-trapped Web ads to install malware on the computers of unsuspecting visitors.

So-called malvertising works by paying advertising networks to display banner ads on legitimate websites. Malicious code snuck into the ads then surreptitiously exploits vulnerabilities in browsers or browser plugins. The result: merely browsing to the wrong site infects vulnerable computers with malware that steals banking credentials, logs passwords, or spies on users.

Malvertising never went away, but it did become much less common in the past few years. Thanks to dramatic improvements in browser security, malvertising was replaced by more effective infection techniques, such as phishing, malicious macros in Microsoft Office documents, and tricking targets into installing malicious apps that masquerade as legitimate software.