Earlier on this morning I happened to notice a redirect page used in a meds spam campaign that just happened to also be compromised with a malicious script.
You can see the META tag redirect that will instruct the browser to immediately load the page on the target site.
<META HTTP-EQUIV=REFRESH CONTENT=”0; URL=http://[target_site]/”>
Ok, not quite Harry Hill, but I loaded the page with Internet Explorer on a test machine to find out. It appears that the malicious script has precedence over the META redirect, and the iframe payload was delivered. Unfortunately, not a happy ending – infection with rogue security software, pro-actively detected by Sophos as Mal/FakeAV-AD.
Definitely one scenario where you would have been better off with our Canadian Health friends at the end of the META redirect.