Some days when I’m wasting time on the internet, it seems like I can’t visit three websites in a row without hitting a fake “you’re infected” scam or bogus browser extension ad. Most of the time these malicious offerings launch on otherwise legitimate websites — or secretly direct your browser to illegitimate websites.

For almost a decade now, a greater number of legitimate websites than malicious ones have been launching malware. The question is how a legitimate website gets compromised in the first place.

The answer: in a number of ways — including nearly every method a PC or mobile device can be compromised, plus a few more.

To read this article in full or to leave a comment, please click here