Does it need a scroll event listener? I would think it would simply regularly
perform the malicious action. Also, what would happen if it placed an anchor at the top of its own HTML and navigate to that regularly? Would the parent page navigate to that iFrame?