Cory Doctorow, su Boing Boing:

To do this, they made tiny alterations to the transparency values of the individual pixels of the accompanying banner ads, which were in the PNG format, which allows for pixel-level gradations in transparency. The javascript sent by the attackers would run through the pixels in the banners, looking for ones with the telltale alterations, then it would turn that tweaked transparency value into a character. By stringing all these characters together, the javascript would assemble a new program, which it would then execute on the target’s computer.

La pubblicità va bloccata non perché è brutta a vedersi, ma perché è l’unico modo di navigare il web che non comprometta la propria sicurezza e privacy.