Malicious iframe loaded from http://chadon.nl/news/ (and many others domains). Used to distribute malware from external web sites while not being visible to the user. The iframe is generally enclosed between a <div style="display:none">
Other domains used in this attack:
Any web site (no specific target).
Google lists at least 4 thousand sites blacklisted due to this iframe
This malware is generally hidden inside the index files.