Tens of thousands of people could have been caught out by cyber criminals who put booby-trapped adverts on popular webpages.
The criminals racked up the victims by compromising the computers used by ad firm Unanimis to display adverts to popular websites.
The ads appeared on the websites of the London Stock Exchange, Autotrader, the Vue cinema chain and six other sites.
Unanimis said it moved quickly to pull the adverts once they were discovered.
It said it was now investigating how the criminals managed to inject their booby-trapped ads into its feed.
David Nelson, operations and IT director at Unanimis, told the BBC that security alerts revealed the existence of the booby-trapped adverts at 1800 GMT on 27 February.
Clearing out the adverts took about three hours, said Mr Nelson.
A preliminary investigation revealed that "unauthorised access" to the ad servers allowed the criminals to inject their malicious code.
Mr Nelson said Unanimis was still investigating how the criminals got access as the firm has security systems in place that check adverts are safe before they are distributed.
"The [adverts] they chose to modify were not being widely distributed," said Mr Nelson. This, coupled with the attack taking place on a Sunday evening, limited how many people fell victim.
"We have to count ourselves lucky in some respects," he said.
The bad ads exploited vulnerabilities in software used on Windows PCs to make it look like a machine had been hit by a virus.
Then it displayed a bogus diagnostic screen telling users that their PC was infected. It asked for payment to remove the "infection".
Mr Nelson said it was still trying to work out how many people had seen the booby-trapped ads.
He speculated that a "few percent" of Unanimis audience would have been hit. He declined to identify all the sites that had shown the adverts but said all those affected had been informed.
Patrik Runald, senior research manager at Websense, said its analysis suggested a lot of people had been caught out.
"We believe that quite a large number of sites were showing these adverts," he said, adding that the number of victims could be in the "tens of thousands".
The criminals behind the bad ads typically loaded their attack tools with code that exploited many different vulnerabilities in Windows programs.
Java and software from Adobe was becoming a favourite among hi-tech criminals, he said.
Mr Runald said cyber criminals liked to subvert advertising systems because it was a good way to get their malicious code put on popular sites with only a little effort on their part.
"Such malvertising is reasonably common," said Mr Runald. "It does not happen every day but it does happen every month or so."