A compromised Web site isn't necessarily injected with malicious code (the kind of code that ends up delivering exploits to the user's browser). In fact, we see a LOT of Web sites injected with code used for black SEO purposes. This kind of code targets the visiting search engine instead of directly targeting the visiting user with exploits. This phenomenon is also known as spamdexing.
When search engines visit a Web site, they also look at the sites it links to. Having a reputable Web site (for example CNN.com) link to your site (if you have one) adds to your site's reputation from the search engine's perspective. The opposite is also true: if a reputable Web site links to a dodgy, disreputable Web site, that reflects badly on the reputable site and lowers its reputation from the visiting search engine's perspective.
Spammers and scammers exploit this to build a good reputation for their own cunning Web sites and for their customers' sites. Take for example Opole.pl: this official and pretty popular local Polish government Web site has had one of its sites injected with rogue links to pharmaceutical Web sites.
The links are hidden from the user's browser (see the screenshot below), and since they have been injected into the Web site, it would probably be just as easy to change them or to add more rogue content, such as iframes or scripts that can potentially lead to malicious content.
You might wonder: how common are hijacks like these? They're pretty widespread. The next graph shows the number of compromised/hijacked pages used for black SEO purposes so far this week. Bear in mind that this graph represents only one analytic that we have in ACE for spamdexing hijacks. The numbers are huge and the trend is clear: the bad guys are making money from such black SEO activities.
Websense customers are protected from such attacks with our Advanced Classification Engine analytics, our suite of technologies within TRITON.
Snapshot of the Injection in Opole.pl:
The official Web site of Opole, Poland - Opole.pl: