The HTTPS encryption used in both URLs is not allowing users to identify the malicious traffic at the network layer.
The malicious ad has now been taken down, but the damage is expected to be vast due the number of monthly visits to the sites.
The monthly visitors of drudgereport.com are 61.8 million; wunderground.com and findagrave.com have 49.9 million and 6 million users respectively. Yahoo has an estimated 6.9 billion views per month across its network.
Segura said: "Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain.
"The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it. It is one of the reasons why we need to work very closely with different industry partners to detect suspicious patterns and react very quickly to halt rogue campaigns."
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.