Perhaps a javascript to automatically credit the click.
The are popups as well as popunders.
And then there are the popups that launch popups. Some such sites buy expired domain names (or buy soundalikes), direct you to a "search engine" they load onto that page and then do all sorts of nasty things to your computer (that was how I got gator's spyware without ever clicking anything).
Excellent description for the layperson out there.
Really, it's so easy to get a massive inocculation of malware from one simple mistake that I wonder how people who don't know much about computers are able to stay up and going at all.