yes oople might have a vBulletin injection.
When a user visits the forum via Google search engine result pages (SERP), they are greeted with a payload script.
The script is sneaky, so it only happens the first time you try from e.g. a new browser or new compuer, and it might store a cookie that makes the browser never do it again later.
Read more here:
http://blog.sucuri.net/2012/07/sneak...njections.html