I tried to flag a deceptive "Start Download" ad of this kind by clicking on this button a few days ago (which appeared on a site I run, annoyingly). The form I was required to fill out needed me to say where the link in the ad took me. So I"m supposed to click on the link in an ad which is pretty plainly attempting to install some kind of malware, in order to be able to report it? I'm supposed to either be 100% confident there's no vulnerability in my browser, or set up some kind of VM to test with, just in order to report a single, obviously malicious ad?
I just tried it on the getpaint.net site (mentioned elsewhere itt) and it only had an option box set with three options: inappropriate, repetitive, irrelevant.
But you could just right click and copy the ad link. The link would point to the ad network (e.g. googleads.g.doubleclick.net/aclk), but it would be better than nothing. Also, many ads include a domain, sometimes in a tooltip, and usually just the tld, but again, better than nothing.
