Yet another reason (as if you needed any more) to keep your anti-virus and anti-malware programs up-to-date.
Even mainstream websites can (indirectly) be a source for malware and “drive-by” attacks, when the ad service includes an advertisement with malware attached.
See the article on arstechnica.com, My browser visited Weather.com and all I got was this lousy malware for more details.
Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.
Malvertising is a particularly pernicious form of attack because it can infect people who do nothing more than browse to a mainstream site. Depending on the exploit, it can silently hijack computers even when visitors don’t click on links.
Note, too, the closing sentence in that article:
There’s no indication the attacks were exploiting vulnerabilities in fully patched software. That underscores the importance of installing security updates as soon as they become available.