The image to the right is an example. Click on the image to get a full sized view. I have more examples saved if anyone is interested.And here is the code which goes with the economist screenshot:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title>Books/displaystory.cfm</title>
		<base href="www.economist.com" />
		<meta name="description" content="Relevancy Searcher" />
		<meta name="revisit-after" content="1 days" />
		<meta name="robots" content="follow,index" />
		<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
		<!--
		<link rel="stylesheet" type="text/css" href="style.css" />
		-->
		<link rel="stylesheet" type="text/css" href="style2.css" />
		<script type="text/javascript">
		window.onload = function() {
			var q = document.getElementById("q");
			q.focus();
		}
		clk = function(q,u) {
			img = document.createElement("IMG");
			img.src = "http://www.economist.com/?query_id=" + q + "&url_id=" + u;
			return true;
		}
		rndr = function(t, d, u, us, qid, uid) {
			document.write("<h4><a href=\"" + u + "\" onclick=\"clk(" + qid + "," + uid + ")\">"  + t + "</a></h4>");
			document.write("<p class=\"description\">" + d + "</p>");
			document.write("<p class=\"url\">" + us + "</p>");
		}

		getXMLHTTP = function() {
			var xmlhttp = false;
			if (window.XMLHttpRequest) {
				xmlhttp = new XMLHttpRequest();
			}
			else if (window.ActiveXObject) {
				try {
					xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
				}
				catch (e) {
					try {
						xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
					}
					catch (E) {
						xmlhttp = false;
					}
				}
			}
			return xmlhttp;
		}

		</script>
	</head>
	<body>
		<div class="content">
			<span class="title"><a href="http://www.economist.com">Economist.com</a></span>

<form action="index.php" method="get">
	<div class="searchform">
		<label for="q">Find it quickly!</label><br />
		<input type="text" name="q" value="books/displaystory.cfm" id="q" />
		<input type="submit" value="Search!" id="search" />
	</div>
</form>
<div class="box">
	<div class="title">
		<h3>Related searches: books/displaystory.cfm</h3>
	</div>
	<div class="text related">
	<script>
	// Unsupported modification in the code might be changed without warning
	// To activate a parameter, just uncomment the line that contain <script> and that correspond
	// to the parameters that you want to activate. Ads-click won't be responsible for potential // errors that could happen if the parameters are wrongly defined.
	// *** Speed at which the keyword move to and in the clouds ***
	// 0 is the fastest (instant) 1 is the slowest (other values are with two decimal eg. 0.10).
	document['tc-adsclick-speedkeyword']=0.80;
	// *** Speed at which the keywords wink ***
	// 0 will never wink. 1 will be the fastest (other values are with two decimal eg. 0.10)
	document['tc-adsclick-hide']=0.02;
	// *** Probability of a keyword to be relocated ***
	// 0 will never relocate. 1 will be the fastest (other values are with two decimal eg. 0.1)
	document['tc-adsclick-relocate']=0.05;
	// Set a background image
	// URL of the image displayed in background of the Tagcloud
	document['tc-adsclick-background-image']='';
	// Minimum and maximum size of keywords.
	document['tc-adsclick-keyword-minsize']=10;
	document['tc-adsclick-keyword-maxsize']=34;
	// Show these colors
	// document['tc-adsclick-keyword-colors']= new Array('#FF0000','#00FF00','#0000FF');
	</script> <script src="http://acnetwork.flux.acsyndication.com?id=974_1390&oe=utf8"></script>
		<!-- google_ad_section_start(weight=ignore) -->
					<a href=""></a> &nbsp;

		<!-- google_ad_section_end -->
	</div>
</div>
<br />

I can't really explain this. It happens on both my computer and my girlfriend's, but only while connected to my home network: from other networks it seems OK. It happens randomly — perhaps one page every 100 or so, and then is gone when you reload the page. We're both running Linux so I can't verify if it is OS specific, but that would make a viral / malware attack unlikely. However there seem to be other complaints around the internet, also from the Philippines here and here, from users of Mac and Windows PCs, who use different browsers.

My guess is that there's something infiltrating the DNS system at SmartBro or maybe one of their proxy servers. Leave a comment if you're similarly affected and lets see if we can piece this together. The HTML code points to an advertising network. They have a Google Analytics ID … hmmm

Update 5pm, Sunday

A user in the macafee forum suggested it might be the DNSchanger trojan, which resets the DNS entries on your router if you leave them with a default password. My reply to that was that it was unlikely:

Thanks for the suggestion melboy. I'm not entirely convinced that this can be the culprit, as

• My router runs a non-standard firmware
• I have set the password on it.
• I recently upgraded it, and in the process reset all existing settings
• The dns servers it is given by the smartbro DHCP are the three valid smartbro dns servers, namely 121.1.3.199, 121.1.3.208, and 203.84.191.216. These check out on www.robtex.com

So unless the main smartbro DNS servers have been affected, I don't think this is likely. As a sidenote, I recently tested the Smartbro DNS servers for the DNS poisoning vulnerability released at Blackhat this year, and they passed, with properly randomised ports.

So … still puzzled. I may try using OpenDNS servers for a while to see if that helps. Then at least that would tell me if it was SmartBro DNS.

Hmmmmm.

I'm continually startled by the way people use email in the Philippines. Using a Yahoo address is phenomenally popular, even for business. I could forgive a mom and pop company from using momandpop@yahoo.com.ph, but when you get top management handing you cards saying ceo_888@yahoo.com.ph there is something clearly very wrong.

In no particular order, here are a few reasons why you should NOT use yahoo for your business email address.

• It looks tacky. It looks cheap. It gives the sense that your company is run on a shoestring and has no marketing department.
• Getting your own domain is cheap and easy. You can get an email/webhost in the US for USD 3 a month, and a domainname for USD 9 a year. If you really can't bear to part from your Gmail or YahooMail, then set up your own domain to point to their service. Gmail doesn't even charge for this, and Yahoo's charge is minimal. At least you'll seem to have control of your own destiny.
• Information leakage. Despite Google's and Yahoo's best assurances, there is no guarantee that your vital business documents will stay secret. While I believe they try hard to protect your information, there is always the chance of a rogue administrator inside the company reading and using information in your account. If you run your own mailserver, this is not an issue.

So do yourself a favour, get your email hosted properly somewhere. You know who you are.