incrediBILL - 3:42 am on Oct 4, 2011 (gmt 0)
The exploit was delivered via an ad.
Yup, just like I said as I've seen it happen a bunch.
The worse case scenario I've witnessed is an ad servers domain expired and a hacker bought it and put the nastiest set of randomly rotating redirected servers into the ad serving mix so it really confused the issue of where it was coming from.
Very random, I found out who was doing it, but it took some serious sleuthing.
Nothing they won't do for money, sad really.