BBC, MSN, New York Times, AOL and Newsweek are among the other affected sites have been invaded by malicious ad attacks.
BBC reports that the malicious ads were piped to the sites via four separate ad networks, say security researchers.
The attack is said to have been aimed at US-based users, some of whom have been infected with ransomware.
Analysis by Trustwave researchers suggested the attack managed to put ads on so many sites because the perpetrators behind it gained ownership of a web domain that used to supply legitimate adverts.
The former domain owners “TrustWave” failed to renew their ownership rights, allowing it to come under the control of cyber criminals.
Anyone clicking on a malicious advert was taken to a separate page that attempted to infect them with either a Cryptowall ransomware or a Trojan that gave attackers remote access to their computer.
Ransomware is a type of malware or malicious software that has become increasingly common. It steals your files and data, encrypts it, and then asks you to pay money to get it back.
“To avoid falling victim to future attacks, people should uninstall potentially unsafe programs such as Flash, Java and Microsoft’s Silverlight, that cyber thieves regularly exploit,” said the security firms.