Feb 11, 2015 · 2 minutes

Chinese hackers are believed to have taken the worst part of Forbes’ website — the page that displays a “Thought of the Day” alongside some advertisement or another — and used it to distribute malware to a relatively small number of the website’s many daily visitors.

Forbes said in a statement to the Washington Post, which first reported on the hacking, that it discovered “no indication of additional or ongoing compromise nor any evidence of data exfiltration” during an internal investigation into the attack in December 2014.

The Post reports that the attackers exploited two zero-day vulnerabilities, one in Adobe Flash and the other in Microsoft’s Internet Explorer. It’s not yet known who the suspected Chinese hackers were targeting during the three-day attack.

The episode highlights a basic truth: sometimes the most annoying aspects of the Internet make consumers the most vulnerable to outside attack. It’s almost like the hackers wanted to rub salt in the wounds caused by having to see the damned interstitial in the first place.

Comcast did something similar when it started injecting advertisements into the Web browsers of consumers using its public Wi-Fi service. Besides annoying anyone using its networks, this decision also makes people vulnerable to attack, as Ars Technica reported:

Seth Schoen, the senior staff technologist for the Electronic Frontier Foundation, reviewed the data pulled by [Contextly founder Ryan] Singel and said that ‘there ended up being JavaScript in the page that was not intended by the server.’

Even if Comcast doesn’t have any malicious intent, and even if hackers don’t access the JavaScript, the interaction of the JavaScript with websites could ‘create’ security vulnerabilities in Websites, Schoen said. ‘Their code or the interaction of code with other things could potentially create new security vulnerabilities in sites that didn’t have them,’ Schoen said in a telephone interview.

Unwanted advertisements, whether they’re displayed by a media company that wants to make its website unbearable or a telecoms juggernaut that likes to screw over its customers, aren’t just irritating. They’re also security risks — and they’ll be hard to avoid.

Or Comcast’s will, anyway. It’s pretty easy to avoid malware spread via Forbes’ interstitials: just never visit the publication-turned-blogging platform ever again. You might miss out on the “Thought of the Day,” but your computer (and your brain) will thank you for it.