Malicious SWF advert captured on NationalGeographic.com
I only have time to post screenshots at the moment - the malicious advertisement can be seen at:
A Google search reveals that the IP address 126.96.36.199 has a history of involvement with malicious banner advertisements:
The SWF itself is being pulled from:
I'll post more specific details in roughly 9 hours time... I won't have time before then to go through the Wireshark capture evidencing the redirect.