PHPやASP、HTMなどにiframeを入れるウイルスだそうです

This memory-resident file infector infects script files, such as .PHP, .ASP, and .HTM, by inserting a malicious iFrame code. Trend Micro detects infected scripts as HTML_IFRAME.NU.

Search - Threat Encyclopedia - Trend Micro USA