[dspillett]

> they can still deflect blame to the ad network

Agreed. But it is at least far easier to definitively prove that they are the reason the malware was delivered to a given user. It is perhaps a naive hope, but maybe that and the threat of potential bad publicity (or just being more likely to be included in popular "bad host" block-lists) will encourage a little more due diligence.

> You're greatly overestimating how much publishers care about security.

Oh, my expectations are low. I think more that I'm looking for/at things that might force them to care more than they currently do.