After hacking some websites, hackers embed the web Trojan they have written into the homepage of the hacked website and then upload it to the web space. When the browser opens the web page, this code is also executed to run the Trojan.