Looking at the page source, I see an IFrame for http://www.[noclick]symboliclynx.com/bin/ (I added noclick -- don't click the link!) which is just a frame to the wanrzcvupf.hk site mentioned earlier. From what I've read elsewhere, that (wanrzcvupf) is a known malware site. symboliclynx.com appears on hacking lists all over -- I think it may be a compromised server. The IFrame is embedded in this site. I'm thinking it must have come from the hacking.
Also, with the help of Ray007, I'm investigating another possible way the infections are happening. My premise is that they are coming in through Flash animations. I have FF + Adblock, but I (was) enabling ads for this site. But I also have Flashblock, which prevents the flash animations from being loaded until I click on them. It gets rid of the majority of the annoying ads. Anyway, I have not yet received one notification from my virus scanner under this configuration -- and I'm not using noscript. Ray is helping to confirm this.
I sincerely doubt ioi gave any access to the mods to change stuff like removing links from the pages or control advertising. Like most site admins, he probably only gave the mods access to things like delete posts and ban people, which is all they need to do their job. Hopefully this information I've found will help him track it down when he gets back.
Existing User Log In
New User Registration
Register for a free account to gain full access to the VGChartz Network and join our thriving community.
