The silver lining on these dark-cloud admin issues is the fun derived from running a back-office sweep to see if anyone guesses what's going on correctly
Alas this time, nobody gets the cigar.
So, first of all - the vBulletin hack suggestion (including much outdated video) is wide of the mark. Just to satisfy curiosity, the security hole was actually in the code of the advertising system used on ASN (which confused us a bit because that's been fairly watertight until this hiccup). There was even a clue for you... The banner ads have disappeared.
Anyway, the advertising software has been plugged; but we're going through the new version with a fine-tooth comb before it goes back on.
So, where we're at right now...
1) ASN IS CLEAN AGAIN. The malicious iframe code is now gone; integrity has been checked in the back-end.
2) FTP and ADMIN access to the server/vBulletin were never compromised, but login credentials have been refreshed just in case.
3) If you're still having problems, you've got:
a) something cahced
b) a weird little issue seemingly caused by Firefox and the Google attack-site warning page.
...to expand on that last point...
a) If you're getting any weird warnings in ANY BROWSER, or problems with pages not being displayed correctly.
i) Navigate away from ASN.
ii) Clear your temporary internet files/recent browsing history - USE ANY 'ADVANCED' OPTIONS PANE YOU CAN TO ENSURE
ALL YOUR BROWSER'S CACHE IS DELETED - INCLUDING COOKIES
iii) Close and re-start your browser before revisiting ASN.
...if problems persist it may be because of:
b) I just had a weird issue in that Firefox was still misbehaving with ASN, regardless of the fact the malicious code is definitey gone, and I'd cleared everything from my cache. I uninstalled and re-installed Firefox, and it worked fine on the first visit, but then went back to displaying pages with incorrect formatting.
It SEEMS to be related to Google attack-site warning page. While I was having problems with the site, I'd been clicking the 'Ignore this warning' link at the base of the page; when I disabled that, Firefox has settled-down nicely. To disable it, I opened the Firefox options (Tools, Options...) and selected the 'Security' tab. I un-ticked the 'Block reported attach sites' box and hit OK. Did Ctrl+F5 to force refresh the page, and it's fine now. I've again checked the code being parsed by the browser and there's nothing nasty there; also I've TWO fairly aggressive anti-virus/malware systems running on this laptop, and both of them are cool beans.
...It might be worth giving that a try - BUT DO IT AT YOUR OWN RISK - IF YOU'RE A FAN OF CRACKED SOFTWARE OR WEIRD PORN SITES, YOU'RE GOING TO NEED TO REMEMBER TO TURN IT BACK ON.
Now, as regards the Google attack site warning page itself...
The long and short of it is they're incredibly fast to stick a site on the blacklist, and not so spritely removing it. We're leaning on them and we will be off the list ASAP.
Cheers,
Rob.
ASN Admin Team