It's highly likely that these malicious ads appear throughout the Google network, including in Gmail, and they may also show up on sites like AOL and Ask.com that are advertising syndicates.
Geeze, they forgot to mention every site running Adsense or YPN. Where does all this leave the typical webmaster running Adsense. Aren't we responsible for the ads that are shown on our site? As it is now we have two choices. Make the conscious decision to stick with Adsense, knowing that we could be unleashing something like this on our users and face possible legal action; or leave the program. It would be nice to have more choices. I would be better able to police my sites if there were some sort of 'verified IP' where I could click away on the ads my own sites to check them out.