"sniff for HTML in the clear, inject malware, and PROFIT!
Because malware served to you via HTTPS by dodgy ad slingers (which means all of them) is any better? Actually any sites that serve you contents from other sources like ads network is performing a man-in-the-middle attack.
Actually, today is far easier to distribute malware through ads than trying to intercept connections which may require a far higher access to the target network.
Biting the hand that feeds IT
