iFrames allow webmasters to embed the content of one webpage into another, seamlessly.
There are legitimate reasons why some websites may want to do that - but what cybercriminals do is exploit the functionality (presumably they have been able to gain write access to the website) to deliver malware such as fake anti-virus or a PDF vulnerability exploit to infect your computer.
What's sneaky is that malicious hackers can make the embedded content invisible to the naked eye, by making the window zero by zero pixels in size. You can't see the threat, but your web browser is still dragging it down.
Check out the following video by our own Chet Wisniewski, which shows how malicious iFrames work:
If there's not an "Anatomy of an Attack" event scheduled in your area soon, drop us a note and we'll let you know if and when one is coming to your part of the world.