HostGator site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages. Company staff made several efforts to reconfigure servers on Friday, only to have the exploits recur. Since the attacker controlled a cPanel account at HostGator, the exploit could be repeated after each cleanup of the malicious code. By early Saturday morning, HostGator managers were assuring users that the cause of the redirections had been isolated, and was due to a new exploit targeting cPanel.