It seems the site is still under some kind of attack. I started my computer and came directly to this site, it was slow to load and I noticed on the lower left corner of my screen it was waiting on an odd URL with the F word in it, something like "www.f*ckthecrisis". As soon as the page loaded, my antivirus went nuts and caught 3 bloodhound exploit files.
The virus name is being reported as Bloodhound.Exploit.193 and it is a .swf file named inEt[1].swf.
It definitely came from a ad type of redirect from this site.
*edit*
Found it in my IE history, it is www.****thecrisis.biz, definitely a hack site stocked w/ viruses.
Domain Name: ****THECRISIS.BIZ
Domain ID: D32529972-BIZ
Sponsoring Registrar: REGTIME LTD.
Sponsoring Registrar IANA ID: 1362
Domain Status: ok
Registrant ID: CO513949-RT
Registrant Name: Anton Robin
Registrant Organization: Anton Soft
Registrant Address1: Kolitina 16-4
Registrant City: Moscow
Registrant State/Province: Moscow
Registrant Postal Code: 193009
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.4956788435
Registrant Email: *************@pochta.ru
Administrative Contact ID: CA513949-RT
Administrative Contact Name: Anton Robin
Administrative Contact Organization: Anton Soft
Administrative Contact Address1: Kolitina 16-4
Administrative Contact City: Moscow
Administrative Contact State/Province: Moscow
Administrative Contact Postal Code: 193009
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +7.4956788435
Administrative Contact Email: *************@pochta.ru
Billing Contact ID: CB513949-RT
Billing Contact Name: Anton Robin
Billing Contact Organization: Anton Soft
Billing Contact Address1: Kolitina 16-4
Billing Contact City: Moscow
Billing Contact State/Province: Moscow
Billing Contact Postal Code: 193009
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +7.4956788435
Billing Contact Email: *************@pochta.ru
Technical Contact ID: CT513949-RT
Technical Contact Name: Anton Robin
Technical Contact Organization: Anton Soft
Technical Contact Address1: Kolitina 16-4
Technical Contact City: Moscow
Technical Contact State/Province: Moscow
Technical Contact Postal Code: 193009
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +7.4956788435
Technical Contact Email: *************@pochta.ru
Name Server: NS1.EVERYDNS.NET
Name Server: NS2.EVERYDNS.NET
Name Server: NS3.EVERYDNS.NET
Name Server: NS4.EVERYDNS.NET
Created by Registrar: REGTIME LTD.
Last Updated by Registrar: REGTIME LTD.
Domain Registration Date: Tue Jun 23 14:11:15 GMT 2009
Domain Expiration Date: Tue Jun 22 23:59:59 GMT 2010
Domain Last Updated Date: Fri Nov 13 12:11:24 GMT 2009
Or while browsing a specific thread? If the later, it's possible, and has happened before, where a user can hide a "nasty" in their signature of their post. This means that it would get loaded by anyone viewing the thread where the post and signature was present. If this is the case, you'd need to inform where this thread is so the team can take necessary action, as it wouldn't be coming directly from Corvetteforum itself.
Of course it's possible that it's not the above and it's something else, such as through the ad network.
Or while browsing a specific thread? If the later, it's possible, and has happened before, where a user can hide a "nasty" in their signature of their post. This means that it would get loaded by anyone viewing the thread where the post and signature was present. If this is the case, you'd need to inform where this thread is so the team can take necessary action, as it wouldn't be coming directly from Corvetteforum itself.
Of course it's possible that it's not the above and it's something else, such as through the ad network.
Its defanitely the ad generator, its been owned. People are getting it all over the site.
I'm using Firefox with AdBlockerPlus and I have all signatures turned off. McAfee has not given me any warning messages and I've been on the forum off and on all day.
I do not go through the front/home page, but use a desktop shortcut to go directly to the C6 General forum or the Off Topic forum.
Don't know if this information will help with any diagnosis or not. Just thought it might.
Warning: Visiting this site may harm your computer!
The website at forums.corvetteforum.com contains elements from the site *******.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for *******.com.
Learn more about how to protect yourself from harmful software online.
I'm using FireFox now and it let's me through (although I'm scared to be here)......
What is the current listing status for *******.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-18, and suspicious content was never found on this site within the past 90 days. Malicious software includes 30 trojan(s).
This site was hosted on 1 network(s) including AS39150 (VLTELECOM).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, *******.com appeared to function as an intermediary for the infection of 5 site(s) including turkforum.net/, webhatti.com/, maktoob.com/.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
I came into OT with I.E.8 at 6:27PM and was immediately greeted by 4 notices of viruses by the Antivirus software provided by my ISP. 2 viruses were immediately deleted by my software. 1 was quarantined and 1 was deleted on reboot. I deleted the quarantined item after reboot. I have since scanned twice and appear to be virus free. Here's the log from my Antivirus software:
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache15463225937101245 36.tmp Trojan-Downloader.Java.Agent.ab Deleted 18/11/2009 6:27:04 PM
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache68610812648445384 .tmp Trojan-Downloader.Java.Agent.ab Deleted 18/11/2009 6:27:16 PM
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9R7CAC9X\index[1].htm Trojan-Downloader.JS.Agent.esm Delete at restart 18/11/2009 6:27:24 PM
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KDG22NRC\manyWord[1].pdf Exploit.JS.Pdfka.anx Quarantined 18/11/2009 6:27:28 PM
File generated by Rogers Online Protection Anti-Virus
Corvette Store
Virius alerts [merged with 11/20 updates]
AVG detected Javascript Obfuscation (type 714) 
[/IMG]
