It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.
The ethics of online advertising aside, you'd think it would be counter-productive to get identified as a company that peddles malware. Then again, peddling adware is par for the course and apparently very profitable. Malware is just one step further. Given the sheer number of sites that depend on ad revenue to stay afloat, perhaps 10% isn't that surprising of a number. It's still sickening.