FlyerTalk Forums - View Single Post - FALSE Virus alert [there is NO malware on your computer]
Old Aug 1, 2012 | 10:26 am
  #242  
MoneyBagger
Originally Posted by Doug_1970
^ Good job.

Just for my academic interest, how hard was this to work out? Was it something that any competent IT person could work out, or was it more specialised?
Thanks

I have no formal IT training, but have always been fairly competent/keen to learn when it comes to IT. I have had some spare time this week and spent a while on this case. I cannot stress how much Google is your friend though.

Anyone with basic website (HTML/java) knowledge could have worked it out; the key, though, was being able to replicate the problem with a logger tracking all the traffic (the redirect happens within a split second). I found a logger (HTML Analyzer) last night which does exactly that, but couldn't replicate the problem. However, it happened today and I was able to look through the history (which is quite in depth) and work back from the redirect site with the malware back to the FT forums.

I think the key thing I missed was the fact that the redirects were intermittent. Initially I mistakenly thought there was an exploit in the forum software as there have been problems previously on other forums being exploited. But the intermittent nature shows it was coming from something on the site that rotates (i.e. a banner/advert).

I would be interested to know how the bogus site was able to operate a banner here. There appears to be no track record of the company/site and the domain name owners have a whois block service so you don't know where they are from.
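The working-back step described in the post above, as an added example that is not part of the original post and is not the output of the logger it mentions: given a recorded request history, follow `Location` and `Referer` headers from the landing site back to the forum page, then report the first off-site hop (the rotating banner). All hostnames and the capture itself are constructed, and it assumes the logger recorded full `Referer` values.

```python
from urllib.parse import urlsplit, urljoin

# Constructed capture in request order: (url, Referer header, Location header or None).
PAGE = "https://forum.example/thread/1"
BANNER = "https://adserver.example/banner?slot=top"
CAPTURE = [
    (PAGE, None, None),
    ("https://forum.example/style.css", PAGE, None),
    (BANNER, PAGE, None),                                  # iframe in the ad slot
    ("https://rotator.example/creative.js", BANNER, None),
    ("https://rotator.example/go", BANNER, "//fake-av.example/scan"),  # 302
    ("https://fake-av.example/scan", BANNER, None),        # Referer survives the 302
]

def host(url):
    return urlsplit(url).hostname

def trace_back(capture, landing_host):
    """Return the request chain from the originating page to the landing host."""
    parent = {}
    for url, referer, location in capture:
        if referer:
            parent.setdefault(url, referer)
        if location:
            # A redirect is a more precise cause than the Referer header,
            # which still names the page that issued the original request.
            parent[urljoin(url, location)] = url
    url = next((u for u, _, _ in capture if host(u) == landing_host), None)
    chain = []
    while url and url not in chain:   # stop at the root or on a loop
        chain.append(url)
        url = parent.get(url)
    return chain[::-1]

def first_offsite_hop(chain, site_host):
    """First URL in the chain that is not served by the site itself."""
    return next((u for u in chain if host(u) != site_host), None)

if __name__ == "__main__":
    chain = trace_back(CAPTURE, "fake-av.example")
    print("\n".join(chain))
    print("entry point:", first_offsite_hop(chain, "forum.example"))
```

Because the banner rotates, a capture taken on a page load where the redirect did not fire yields an empty chain, which matches the intermittent behaviour described in the post.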