Hard to say because I think two things happened at about the same time: a vapers group on Facebook got infected, and some of that spilled over to here, and then we had a different exploit on one of the ECF servers. The FB people fixed their end, then we had to find our problem. It turned out to be very hard to find as it was in an old plugin semi-installed in 2008 that was invisible unless you searched every file in vB - which is basically what our apps admin had to do.
As these things are encrypted code or call a script on another server, there's no way to tell exactly what it would be called, and the informal names - such as 'blackhole toolkit' - are not really any help anyway. Good scanners (online like Secunia, or on-PC ones) often find the stuff on a PC, and if things get difficult, you go to rootkit scanners, then offline scans using a Linux-based live CD with the right tools. Sometimes the problem is easy to find if you go straight to that and you are OK with registry editing.
I think the main lesson here is don't use Internet Explorer, or if you do, make absolutely sure that your whole PC has everything on it updated every week; plus get yourself a good AV and a real firewall, not the Windows joke effort. If you don't browse with IE then you get about 1% of the issues - or less.
It's best to keep your PC updated as there is plenty of software that regularly has holes found. Windows, IE, Java, anything Adobe including the simple PDF reader, Flash, Office (Excel for example), all need a regular update. It's also a good idea to get rid of old Java stuff because apparently it doesn't do that when updating, which leaves you vulnerable if IE lets anything in. Get something other than Adobe for anything web-related as they don't have a good reputation there. Get rid of Adobe PDF Reader too, there are several alternatives that don't take 30 seconds to boot up and have as many holes as Swiss cheese.
People need to use a real firewall, and a real one is one that stops dangerous traffic both in and out. Windows Firewall only works in one direction so from my perspective it does not qualify for the name 'firewall'. A real one has to learn what you allow and don't allow, so it has to be trained, and because of that, people can't be bothered. A real one blocks stuff dialing out and that's what you should do. Never, ever click 'Yes', unless you know exactly what is happening. Just click 'No' or 'Block' and make sure the Remember box is not checked. Then, if something doesn't work, you can just reboot and next time check the 'Remember' box and click 'Allow'. Just don't click Allow, ever, unless you know what it is. And remember that these things will try to fool you, so they may look respectable.
See this page:
Security advice
We do what we can but it is inevitable that every 6 months we will be exploited, because this site is so complex and because there are people trying to crack it all the time. The miracle is that it doesn't happen more often.
As several e-cig sites have had issues in the last couple of weeks it makes you wonder. If I had a couple of million bucks and wanted to bury e-cigs I know one route I'd go down...