It usually comes about because of poor security and that is primarily down to your blog provider. They should be using the latest software that doesn't have any known security vulnerabilities that can be exploited.
And you too can play a part as there must be a password (not less than 8 characters of mixed case and alpha numeric to make it harder to crack) that you have to enter to modify the site or upload pages.
The most common sites to be hacked are ones that use PHP and it is frequently because the software isn't up to date. This is normally injecting code into a page, most commonly an iframe tag that executes a file or directs the visitor to a site where they will be infected. There are now automated bots that trawl the internet looking for vulnerabilities that can be exploited, if found they may even be able to automate the hacking too.
So you should really address this to your blog host.