A security-related site was hacked in one of the most recent mass-defacement attacks. The malicious content being injected into the web pages was changing over time (sometimes a straight iframe, sometimes JavaScript). This is not what you necessarily expect for hacked sites ordinarily pages are injected with a fixed string. But in these attacks, we were seeing various Sophos detections being triggered: Mal/Iframe-GenMal, Iframe-V, Ifram-Gen-F or Iframe Gen-F. In some cases, the malicious payload is hidden within a base-64 encoded string.”]
Source: https://nakedsecurity.sophos.com/2011/10/19/analysis-of-compromised-web-sites-hacked-php-scripts/