Yes, occasionally. It must come from a malicious advertiser. I'm not sure what we can do on our end other than have up-to-date virus protection on our computers.
Drop the malicious ad(s)? Take it to the ad service and tell them to police it on their end or drop them (the service) completely.
One thing you really DON'T want in this day and age is to gain a reputation for serving malware. It should NEVER be solely up to the end-user for protection (**). Site admins have a responsibility to cut serving malware as soon as they are aware their site is a vector.
(**) Why do I say this? Because end-user, client side protection is ALWAYS behind the malware curve. End users bear responsibility for their own machines...this is true. But, that's the final layer in what
should be a layered defense...a defense that STARTS with people not knowingly or willingly spreading malware from servers.
{Tech rant off...sorry}