The hidden and obfuscated piece of code in the Opera Portal homepage inserts an IFrame that loads malicious content from an external source. If the Opera user hasn’t changed the default homepage, active malicious content is loaded from a third-party website (g[removed]750.com/in.cgi) whenever they open their browser.