An Iframe virus is a malicious code that infects web pages on websites. These are considered as form of malware. Most of them use iframe HTML code, causing damage by injecting iframe tags into the website. Code may be injected into HTML, PHP, ASP or tpl source files. The virus may make its presence known by scanning for home page files such as index.php, index.html or default.html and inject the iframe code in them. The iframe code is usually found near the beginning on the web page. They may also infect through themes or templates of content management systems. The virus will also modify .htaccess and hosts files, and create images.php files in directories named 'images'. The infection is not a server-wide exploit, it will only infect sites on the server that it has passwords to.
This recent surge in compromised web servers has generated discussions in online forums and blogs. Web malware infections hurt businesses; Google, Firefox, Internet Explorer and anti-virus companies blacklist infected sites, businesses lose revenue and sites suffer damage to their brand and reputation.
An iframe virus is a type of badware. "Badware producers are constantly developing new, creative ways to install badware onto your computer". Badware distribution has been expanded beyond traditional channels like email viruses to harder-to-avoid methods like automated “drive-by downloads” that are launched by compromised web pages.
Iframe variants
Sometimes iframe variants come in the form of JavaScript. iframe tags may not be seen in plain text in the source because it is encoded. If the encoded script code is decoded, it will contain code to invoke iframe via JavaScript.