This article helped me understand the junk/spoofing emails I get. Emails that say things like "You have 2 messages from Fedex" etc. When I looked into them a while ago, the simple javascript redirect was easy to figure out (they all concatenate numbers from an array onto a string and redirect to a string). The redirect is always to a php file, often embedded using bad wordpress installs. The php then does more redirects. At first, I was able to get to the redirect, but lately my crude manual attempt fails as explained by the article: the redirect code goes to pains to filter out "researchers" from genuine spam targets. I think there are two classes of victims, though. Ordinary users like me are the obvious ones, but I think that the many shady business that are presumably paying these malvertising agencies are unlikely to be getting much value for their bucks. Too bad the article doesn't have any information on the revenue return of a malvertising campaign.