After many hours of investigating this I finally discovered what is probably going on here:
Malicious Server-Wide Meta Redirects.
The site http://www.UnmaskParasites.com
tests if sites are hacked and infected with parasites. You can let it check web pages. The result for the LNE homepage can be found here
http://www.UnmaskParasites.com/security ... europe.org
The test reports:
Suspicious Inline Scripts
Script outside of <HTML>...</HTML> block
var rwhfak=new Date( ); rwhfak.setTime(rwhfak.getTime( )+12*60*60*1000); document.cookie="\x6e\x5fs...
The last line is a part of the weird script I found in the source code of the blanc pages (which I reported earlier).
The following article describes in detail what is VERY LIKELY going on here at LNE:
http://blog.unmaskparasites.com/2009/07 ... redirects/
IN SUMMARY: THE SERVER THAT LYMENET EUROPE IS RUNNING ON IS VERY LIKELY HACKED, WHICH SOMETIMES MAKES IT SERVE MALICIOUS CONTENT BY MEANS OF INJECTED CODE.
IF YOU SUDDENLY SEE AN ANTIVIRUS MESSAGE APPEAR WHILE VISITING LYMENET EUROPE, THEN IT IS PROBABLY A FAKE ANTIVIRUS MESSAGE SERVED BY THE MALICIOUS CODE. DO NOT CLICK OKAY TO LET THE FAKE PROGRAM RUN A SCAN OR ANYTHING, BUT TRY TO CLOSE THE WINDOWS.
As long as you haven't received those fake antivirus messages AND didn't use it (clicking OK button), there is probably not a problem.
I also received those fake messages a few times the past days and I knew rightaway they were fake, but I didn't realise this could be related to the recent problems with LNE, but they are almost certainly related! Yesterday I let several anti malware programs scan by PC and they couldn't find anything. Now I understand why, the message is served via the internet.
If you did receive fake spyware/virus scanner messages while visiting LNE, please let me know, and tell me if you used the fake scanner.
I received pop-up messages from a fake tool displaying names like "Total Security (Tool)" and similar names.
Once installed, Total Security performs fake system scan and displays various infections that cannot be removed until you first purchases the program, because trial version is supposedly unable to remove those infections. Actually, these infections do not really exist and are being shown only to scare you hopping that you will buy a license of Total Security 2009. The rogue may also display the Total Security Protection Center window which is very similar to legitimate Windows Security Center notifications. What is more, Total Security terminates popular anti-malware applications when users try to perform system scan.
Isn't it insane?!
I am sorry this is happening. Continue using LNE at your own risk!
I will inform my web hosting provider about this now.