Most people don’t realize what it means when a major website has been compromised: someone hacked the site and placed a redirect link on the hacked page. The “redirect” points a small part of the hacked page, called a frame, at the landing page that performs the actual attack. To the user, the page they land on appears to be normal.
An attacker’s desire to draw traffic to a malicious landing page is the same desire that any marketer has to draw traffic to their website. The attacker’s traffic generation is divided into campaigns, just like any marketing campaign. The links that direct people to the malicious page carry identifiers that allow the hacker to determine which technique was used to generate the traffic.
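A site owner can audit their own pages for the pattern described above. The following is an added example, not part of the original article: it lists frames that load from another host, flags the ones that are concealed, and pulls out query parameters that could serve as campaign identifiers. The host names, parameter names and the 2-pixel threshold are assumptions, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
import re

# Assumed heuristics (not from the article): a frame is "concealed" if it is
# at most 2 px in either dimension or is styled invisible.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY_CSS = re.compile(r"(?<![\w-])(?:width|height)\s*:\s*[0-2](?:px)?\s*(?:;|$)", re.I)

# Constructed sample page; all hosts and parameter names are placeholders.
SAMPLE = """
<html><body><h1>News</h1>
<iframe src="/widgets/weather.html" width="300" height="200"></iframe>
<iframe src="https://video.example.net/embed/1" width="560" height="315"></iframe>
<iframe src="http://landing.example.org/in.php?campaign=17&amp;via=banner"
        width="1" height="1" style="visibility:hidden"></iframe>
</body></html>
"""

def _tiny(value):
    """True if a width/height attribute is a number no larger than 2."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 2

class FrameAuditor(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        host = (url.hostname or "").lower()
        if not host or host == self.page_host:
            return  # relative or same-host frame: not a cross-site load
        style = a.get("style", "")
        concealed = bool(_tiny(a.get("width")) or _tiny(a.get("height"))
                         or HIDDEN.search(style) or TINY_CSS.search(style))
        # Query parameters on the frame URL are candidate campaign identifiers.
        params = {k: v[0] for k, v in parse_qs(url.query).items()}
        self.findings.append({"host": host, "concealed": concealed, "params": params})

def audit(html, page_host):
    """Return one finding per frame that loads from a host other than page_host."""
    parser = FrameAuditor(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings
```

A cross-host frame that is not concealed, such as the video embed in the sample, is usually legitimate; the concealed one is the finding to investigate.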