that IFRAME is loading a page, that executes an exploit, that uploads a trojan... it's much better to redirect to a 3rd party page in case you want to update your exploit code... nasty shit, dealt with something similar a few weeks ago, had to cleanse several thousand pages
