The “Mpack” attack relies on IFrames, placing them over legitimate websites, which might encourage people to trust the maliciously loaded content. From there, you'd have to allow installation of downloaded software. Mpack is written in PHP, and stores information in MySQL databases – obviously requiring considerably system compromise to make itself available. It isn't by any means a new exploit, being traced back as early as December of last year, according to Panda Labs.
However, the latest string of attacks shows a definite increase in its prevalence It has several iterations of its own code for different browsers, though the article doesn't mention if the most current updated browsers are affected. Of course, only the Windows platform is vulnerable to actual infection. You can download a PDF detailing the exploit from Panda Software's site.