Here is a typical example of a compromised web page. Due to a bug in a web application like phpBB2, Moveable Type or many others, the adversary was able to insert the following line of HTML into your home page:
All of this with just a single line of HTML. Amazing? Right!
The actual example had some more indirections and also threw in some additional visual basic script plus some other goodies that would have complicated our explanation.