Black hat SEO

Hackers automatically create pages with popular keywords (breaking news...) based on resources like Google Trends. They create networks of crosslinked bogus pages hosted on compromised, legitimate websites. When a crawler comes along the page is fed to the search engine.
When a user is redirected to the URL by a search engine, the site detects that this is a normal browser access and redirects the user to malware sites.
A paper by Sophos explains the technique.