jimbeetle - 2:58 pm on Jul 19, 2010 (gmt 0)
There's a heck of a lot of this going around.
Have your friend contact the host and have them check the site and clean it if necessary.
Might not necessarily be the case here, but many attacks the past year or so have come from keyloggers on local machines, especially the iframe injections. Have your friend do a deep anti-virus scrub and also a deep cleaning with something like malwarebytes.