Anyway, I remember many years ago when I first saw this thing: a Web site owner makes an agreement with an Advertisement Agency, following the agreement the Web site includes a block of code from the Agency and this code executes and loads content from remote sources.
Originally this was meant to allow the Agency to freely rotating different "ads" in the site without intervention by the site maintainer.
It also meant the site owner and maintainer do not have any way to know and control what is loaded inside their Web site and then on the computers of their visitors.
The root of this issue is back when the Internet was young and the browsers were designed nobody thought executing code from a Web page inside the browser or launching an external application (see "plugin") with full rights to do anything on the computer, could have been a big security risk.
Those "bad ads" are mixed with "regular" ones and come from the well know Advertisement Agencies, then placed in the Web sites you visit every day. It is not something limited to "strange" Web sites.
1. Do not use Internet Explorer. This is the general hint for any sort of Web related issue. It comes from the fact that IE is inferior to other browsers and that it is obviously the first target of any attack on the Web. This also excludes all the exploits that use ActiveX technology.
2. Reduce the number of installed "plugins" to the bare minimum necessary. Always update them to the latest version available. The critical ones are the most used like Flash, Acrobat, Java, etc.
Blocking "ads" can be done in several ways. There are "local proxyes" you can install between your browser and the Internet for content filtering. Those are generally a little difficult. Otherwise it depends on the browser you prefer, Opera has got a "block content" feature and Firefox has got the well known "ADBlockPlus" extension. Both work by loading a blacklist. ADBlockPlus is much more sophisticated than Opera's "block content".
5. Use an antivirus that monitors your Internet connection and what is loaded/executed from inside your browser. I have already posted about Avast 5 which is free. The payed version adds a further module for script analysis, a sort of sandbox, etc, which is probably an overkill for most people. Avira Antivir is simpler and I guess it just detect the installation of bad software, not the "exploiting" before. Probably it is enough. In theory there is also Microsoft Security Essentials but I don't know how it works about this specific threat.