So remove the code
"Microsoft doesn't know the names of the specific individuals involved, by filing the civil suits in a US court it hoped to uncover the individuals responsible and prevent them from continuing to deploy malvertising."
Lawsuits will do literally nothing to stop this, just as they've done nothing to stop spam. As the publisher of these ads, Microsoft, and Microsoft alone, has the power to eliminate or massively reduce this threat (yes, I'm ignoring end-user methods such as NoScript because few "mainstream" users will use such methods).
1. Make it clear, in no uncertain terms, that the banner is an ADVERTISEMENT.
3. Remove all HTML elements (links, images, etc) which point to (or use as their source) executable content (.js, .exe, etc).
Those three steps would go a long way toward getting rid of "malvertisements". Unfortunately, it's extremely unlikely that an ad platform (MSN, Google, etc) would implement these measures because the ad revenue far outweighs the risk to the end user (and virtually no risk to the ad platform).