It was definitely in the "Italian" thread; I could make the warning pop-up anytime I did an F5 on that thread. Now it's gone.
The URL was
xoomer . alice . it / hpcave / p66.jpg
and it's identified as a known phishing site.
If you go to the Italian thread, without any AV software running, and see the URL in there...
sometimes website designers leave it little bits of code which point to a dead domain, just in case their clients refuse to pay the bill. In that case the domain comes alive and they can sabotage the website.
Nasty - but I have seen that on another aviation forum. Actually every aviation forum I know of has been hit with "silent redirection" hacks (usually SQL insertion in the advert feed) within the past year. The admins never like to advertise it.
Page would pull in a single pixel image from our website embedded in the client site, so we could keep track of whether they were paying for correct user license. Permission was granted somewhere deep in T&Cs.
That technique is used today to see if people have read their emails
You stick the 1-pixel image URL in the email and log the server hit. Like most of these things, it works best with Micro$oft email software
Now its pretty much used by everyone in products like Webtrends
Easily blocked by NoScript plug-in in Firefox. I block all that stuff by default.