True, but hacking an ad network to distribute malware has a much better Return On Investment since it will distribute your malware from potentially thousands of websites, instead of just one.
The same reason why exploits for Windows and Windows software are more common than for other desktop operating systems.
When I visit cnn.com without ad-blocking, I receive content from 41 different domains: with ad-blocking it's 7.
So without ad-blocking I am putting my faith in the operators of 7 domains that none of their servers have been compromised to serve up malware. Most of those domains don't operate as a service that intentionally lets fourth-parties serve up arbitrary content.
With ad-blocking I have to trust that 41 domains, some of which will be serving up fourth-party content without curation, will not serve up malware. I don't even know ahead of time whose servers I'll be visiting, so I can't try to estimate how much risk I'm exposed to.
I disagree. You can't just get malware by visiting a website and taking no action. You don't /really/ have to trust those 41 domains, you trust that CNN knows what there doing by using all those services and monitors them regularly.
Citation needed on malware not being able to be installed without user interaction!
I don't trust CNN to monitor those 41 domains. I don't expect CNN to monitor those 41 domains. The very point of an ad-broker service that allows the highest bidder to inject their own content into a website is that CNN doesn't know ahead of time who's going to provide the content for a particular view.
If a website uses an ad-broker which permits - or can be tricked into allowing - adverts which aren't just simple static content - e.g. allowing javascript, SVG, web fonts: anything which might have browser bugs exploitable by malware - there could be a problem.
This is an excellent point: how on earth can publishers be happy with this? Every time I see either the face peel / belly fat advert, or the component with a grid of so-link-baity-its-parody ads in it, I think less of the site I'm on. It doesn't matter how prestigious your name, if you associate it with the scummiest content in the universe, prepare to cop some flak.
