Site owners who encounter these detections on their webpages should investigate the possibility that their site has been compromised.
If the iframe was not an authorized addition, the affected webpages should be updated to remove the suspect code.
The suspect iframe appended to the HTML code contains either:
In the event that the link or PHP file referred to in the iframe is in fact legitimate, please submit the relevant details (and a copy of the PHP file) to our Labs via the Sample Analysis System (SAS) to check as a False Positive.