Video explains how HTML iFrames are used to preform drive-by download attacks.
An inline frame or iFrame is used to embed multiple webpages into a single page. Criminals are using this feature to embed malicious code from remote sites into seemingly innocent webpages in order to attack your machine and install malware. This kind of attack is called a drive-by download attack because you drive to a website and without your knowledge the attack code is downloaded to your computer.
Fortunately installing anti-virus software and keeping your web browser current with all patches and updates will greatly reduce the likelihood that you will be infected by these attacks.
(An iFrame is used to embed the video in this post)
More Information: How to avoid malware.