It would be entirely possible to force a user to visit a malicious site. It's called a pop-up. We see them all the time.
But you aren't forcing the user to visit the site that initiates the popup thus you can't _force_ the user to visit the infected site. If you have that much control over the initial site that you can make it initiate the popup then why wouldn't you just insert the jpg in the initial site. Your point doesn't seem to make sense..... Am I missing something?