Recently, client-side attacks through the Microsoft Internet Explorer have increased. In this paper, we present a method to detect and block malware programs resulting from successful malicious iframe attacks. This method can detect malware program execution through distinguishing API sequences of normal execution and abnormal API sequences resulting from an exploit using Win32 API hooks. We implemented MiGuard (Guard against malicious iframes) and performed experiments. The evaluation results indicate that our approach can effectively detect and block malicious iframes. We also believe that our research can help prevent threats of malicious iframes.