Iframe-doorway is special kind of malicious injection. In this case, it's not intended to be hidden, but it's purpose is exactly opposite.
It overlays the original page content with whatever malware author wants. This additional content is very often spam and this way, visitors are fooled
and forced to view this content while in fact, they are not redirected and stay on the hacked site.
Spammers use cloaking and various link schemes to make certain pages on reputable legitimate sites to rank for specific keywords. When visitors come
to such pages from search engines, the malicious script creates a window size iframe with from the beneficiary site. Typically such beneficiaries are
online stores that sell counterfeit goods such as pill and fake luxary goods.
Affecting
Any website
Cleanup
You can sign up with us and let our team remove the malware for you.
Dump
This is deobfuscated sample which simply overlays the original content with an iframe which content loads from a distant source:
var IN1=window["document"]["getElementById"]("body");IN1["style"]["visibility"]="visible";IN1["innerHTML"]="<iframe frameborder='0' height='3000' scrolling='no'src='http://www.-----.com/'width='100%'/>";