The standard iframe hack is already notorious - first for malware downloads, then for parasite hosting of links. Even worse, the hackers have learned to cloak the injection so it's only seen by googlebot, not the webmaster's browser.

This week I've spotted another version. This one isn't cloaked - that would defeat the purpose. Instead the iframe source is a php script that includes an affiliate ID in the query string. The script does a very long-fuse redirect to a page full of ads, styled to look like your vanilla Adwords collection. You will notice it in the browser, but only if you let the window stand open long enough to redirect (about a minute in the cases I've looked at).

So will this cause problems with Google ranking? I'm pretty sure it could. It's the very definition of a "sneaky redirect". Not only that - if someone has hacked into your server, they can play any games they want from now on until you patch the security hole.

These new iframe injections are easy enough to spot, if you review the source code. Especially check your high ranking pages, they seem to be the target.

So if a page has taken a rankings dive and you can't figure out why, definitely review the source code. Do it from your own browser, and just in case, also use the Fetch as googlebot tool in WMT, so you can spot any cloaking.