I noticed yesterday that hackers appear to have started using an iframe based widget I built on web sites they are defacing. What should I do? And what might the implications be? I'm worried about Google's reaction to my content being liked to hacked pages and perhaps odd linking activity even though it's an iframe...
That's a tough one and I understand why you'd be a bit concerned.
If it's possible to get all "real users" to change their iFrame src="" URL, I'd probably be inclined to rename the iFrame page, have "real users" update their src URL, then 410 the current URL being used on hacked sites.
If that's not possible, then it gets more complicated to try and fix.