Yes, it's a well-crafted attack.
Often, the i-frame or script code injection is not the fault of the web site itself, rather, the web hosting server where the vulnerability lies, giving the hacker root access whereby the malicious code can be injected into all of the HTML pages, as shown in your example.
Using IE to watch the pages load, we see the malicious domain being loaded by the I-frame you post:
...
That domain has been taken down, so we can't see how the actual exploit works. Most malicious sites these days have an exploit pack, a group of exploits looking for a vulnerability in the user's system when redirected to the malicious website.