The following video shows the MPac Penetration Kit which is used to inject hidden iframes into compromised websites that make visitors land on a malicious content, which attacks their machine with the latest browser vulnerabilities. The technique that is employed to compromise the legitimate sites is quite lame although it proves that the simplest things work really well all the time. I suspect we are going to see more of these in the future, although attackers technical abilities will get better.