Website attacks have become a serious business proposition. In the past, hackers may have infected websites to gain notoriety or just to prove they could—but today, it's all about the money. Reaching unsuspecting users through the web is easy and effective.
Malware authors take advantage of this fact. They compromise popular, high-traffic, legitimate websites and redirect users to malicious web pages without the victim's knowledge. This kick starts the infection process, and when people visit these malicious sites, further scripts exploit client-side vulnerabilities.