HD Moore has a detailed analysis of a site exploiting browsers. It is a good read with detail we don't often see. Including a breakdown of the kind of revenue these sites pull.

Most interestingly it provide a a nice quotation as to why "safe browsing habits" are a load of phooey, something that has always, bugged me about Microsoft's oft-cited remediation.

A common myth is that the only way to get hit by a browser exploit is to visit "bad" web sites. The reality is that it only takes a single line of Javascript code to send your browser off to the darker areas of the Internet. Many respectable web sites are inadvertently allowing attackers to target their users. Just last week, the media covered an example where a MySpace banner ad resulted in over one million malware infections. This banner ad redirected the user to a malicious WMF file, that when opened, installed an adware application. A similar attack occurred on the LiveJournal network just a couple months earlier. In both cases, the web site operators were not aware that the attacks were occurring until someone complained.