Infected web servers
The article "Modern Internet attacks" is provided by Sophos Plc and SophosLabs.
There are several viruses based on altering HTML files and scripts (PHP, ASP and other). Fujacks  and  Pardona families change such files by embedding iframe tags. Both families were designed for the Windows platform, so their scope is limited to a subset of servers. However, because Microsoft IIS  is used by more than 30% of servers, the potential threat presented by these families remains real. It can be proved by the fact that in 2007 SophosLabs detected many pages infected by these viruses. A curious side effect of these viruses is that they also add iframe tags to other types of files (for example, GIF images). Such files are usually secure (the author isn't aware of any graphics software that can interpret the attached tag as an HTML code).