These days, malware is a business.
20 years ago, when I was in the antivirus business, viruses were written by kids having fun. I even met some of them; some after they were arrested, one at a show (he came up to me and identified himself).
But its all changed. Now, the way that Bad Things are spread, isn't via viruses (self-replicating programs), it's via trojans. The way a trojan works is: bang, gotcha.
So how do trojans arrive on your computer? There's two main routes. One is via email, and I've been discussing this a lot recently. The other is via the web.
We all know that visiting the nasty-mcnasty.com web site could rapidly lead to big problems; sensible people avoid the less salubrious parts of the internet. But some parts of the internet come to you, whether you want them to or not. I'm talking about advertisements.
The advertising ecology of the web looks like this. You have a blog, which is attracting a thousand times more people than this one (my typical post gets a dozen readers, two dozen if it's lucky). And it occurs to you that you might make some money out of this. By accepting adverts. But you have no idea who might be interested in paying you to show ads, so you go to an internet ad broker.
On the other end, you're a nifty entrepreneur with a great product or service to sell, and you want to advertise it, but you don't want to contact hundreds of web sites to negotiate rates and conditions. So you go to an internet ad broker.
And that's why, when you're viewing some site with interesting content, annoying, intrusive and irrelevant adverts keep popping up, occupying your screen and irritating the hell out of you.
I also use a hosts file. What that does, is resolve a long list of sites such as octopusgirl.com (I kid you not, and I haven't visited the site, so I don't know what it does) to 127.0.0.1instead of to 188.8.131.52 which is where octopusgirl.com really is. You see, 127.0.0.1 means "this computer". So for any domain on the long long list that you can get here, if my computer is told to get something from that domain, it doesn't. As a nice site effect, loading web pages is much faster, because of all the junk that I'm not downloading.
You can set up a hosts file for Linux (you edit /etc/hosts), Windows (look in C:\Windows\System32\drivers\etc) or Android. If you can do it for iPhone or iPads, I don't know how. I suspect you can't, unless you "jailbreak" it, which many people are unwilling to do.
So you too can avoid malvertising.