This is just a page that loads an iframe.
It could look completely innocent, as the iframe would be invisible.
Moreover, since the "framed" page is already cached, no "Loading" signs will appear, making this attack very stealthy.
Here is the iframe, so you can see the attack happen:
';
?>