BTW what tool did you use to identify these files? avast doesn't tag the IFrame's as exploit (per se) because it's generally not true.
Quotation fro usenet with which I totally agree:
>As I have said often enough, the name or term "IFrame exploit" is
>meaningless. You may consider it a poor design decision, but the
>so-called "IFrame exploit" that some products detect is not an
>exploit at all. It is an IFrame doing exactly what IFrames are
>designed to do. The exploit such detections refer to has _always_
>been an Incorrect MIME HEader exploit. It has been especially taken
>advantage of through use of an IFrame, but as I have also said often
>enough, many products that (claim to) detect exploits of the
>"Incorrect MIME Header" vulnerability are actually very limited in
>their detection and typically will only detect such exploits if they
>use (one form of) an Iframe activation method. There are several
>other methods of "activating" an inline attachment but the method
>used in the first publicly posted sample exploit was the IFrame one,
>so guess what most virus writers latched onto (showing their
>generally clueless, script- kiddy natures)? (Worse, guess what most
>of the AV industry missed in its "analysis" of this threat?)
Hope this helps,
Vlk