IT fail

"websites were loaded with iFrames, malicious scripts"

An IFRAME is a HTML tag, not a (Java)Script, malicious or not. The one can be used to embed the other, however, which is no doubt what you meant to say