Look in your browser's View Source and if you see alice.it ....

Actually I think it is something in the Italian thread

OMG, says I. I would have expected the various scanners I have to pick it up, but its there.....

And then I realised that I had searched for it, and found the string that was actually your thread starter.

Doh!:ugh:

I can see Alice.it in the source....because you wrote it :}:}

As it was explained to me once, sometimes website designers leave it little bits of code which point to a dead domain, just in case their clients refuse to pay the bill. In that case the domain comes alive and they can sabotage the website.

Some of the time, depending on how clever your virus scanner is, these are picked up as possible viruses by heuristic scans, when in actual fact they are benign.

we used something similar in a bunch of early web applications we wrote, but to track unique user base, many many years ago. Page would pull in a single pixel image from our website embedded in the client site, so we could keep track of whether they were paying for correct user license. Permission was granted somewhere deep in T&Cs.

Now its pretty much used by everyone in products like Webtrends. Ah, I wish we'd had the foresight to make that product :-) Never mind

It was definitely in the "Italian" thread; I could make the warning pop-up anytime I did an F5 on that thread. Now it's gone.

The URL was
xoomer . alice . it / hpcave / p66.jpg
and it's identified as a known phishing site.

If you go to the Italian thread, without any AV software running, and see the URL in there...

sometimes website designers leave it little bits of code which point to a dead domain, just in case their clients refuse to pay the bill. In that case the domain comes alive and they can sabotage the website.Nasty - but I have seen that on another aviation forum. Actually every aviation forum I know of has been hit with "silent redirection" hacks (usually SQL insertion in the advert feed) within the past year. The admins never like to advertise it.

Page would pull in a single pixel image from our website embedded in the client site, so we could keep track of whether they were paying for correct user license. Permission was granted somewhere deep in T&Cs. That technique is used today to see if people have read their emails :) You stick the 1-pixel image URL in the email and log the server hit. Like most of these things, it works best with Micro$oft email software ;)

Now its pretty much used by everyone in products like Webtrends

Easily blocked by NoScript plug-in in Firefox. I block all that stuff by default.

IO, you're incredibly well informed on technology for a 92 year old :-)