Ok I had written a whole page of theories as soon as this thread yesterday but needed more responses from others to confirm some things.
I'm not so sure any of us think it's a new problem. The *new* edge is that this new generation of hijackers are agressive. I believe it's some type of hijacking software/toolbar/adware/scumware.
I've personally noticed awkward differences on my own sites/SE listings/PPC Campaigns in January. If we take notice, a surge in threads/complaints/overall discussions started showing up end of January. February calmed down & was a little better and then March was hard & April wasn't much better - this is overall sponsors/billers/complaints - not confined to one sponsor or biller - more geared towards the straight sites though.
How they *possibly* did it:
My uneducated theory is that it was installed on alot of computers when the adult SERPS were hijacked with non-relevant results - stuff was installed on alot of computers. On or around the time the surge in complaints started showing up in threads (February), the SEs results in adult were practically taken over - most of the SE guys noticed the first & sometimes second page results becoming totally irrelevant and spammy like never before.
1) So somehow, they got into SEs (google comes to mind) by getting PR 5-6-7 pages to link them via the server vulnerability - boosting their SE importance/value by getting the links from mainstream domains with high PR.
(Findings mentioned in another thread on last week - I think the thread starter was someone by the name Reprobate if my memory serves me correctly)
2) Some of those results linked to 'real' pages, alot of them were redirecting directly to sponsors and yet others were leading to a trojan/spyware/scumware auto-install then redirecting to a real page - now most of us have some type of software blocking the stuff, but again, an uneducated guess would be *IF* 30-40% of computer users don't have computer protection - of the ones that do, a good percentage don't clean their computers often enough - of the ones that do clean them, they don't keep their Virus Scanners/Protection software up-to-date - so we have a problem with alot of users with infected computers.
3) Even if we report the links to the Search Engine, the damage is done already - the software/trojan/toolbar/scumware and whatever is sitting on the end user's computer & will redirect whenever they decide.
There was a pattern that I personally saw overall with all sponsors & have compared with a few others *big & small* - they all saw the same type of results - different results for straight/gay traffic though.
Why do I think it would be SE traffic primarily? Because if it wasn't, it would be more susceptible to chargebacks & credits and then it would be more noticeable via the sponsors - this way, they go virtually undetected. Also, I'm thinking it's not as noticeable because it's not done through one hijacker account only but through a web of a few/many at the sponsors so they go undetected.
First - we need to help sponsors find a solution by providing a valid copy of these scripts to send to the sponsors so they can have their people look at how it affects 'them' and perhaps to find a common denominator and be able to stop/track it beforehand.
Second - they got into surfers computers via SEs & continue to get in that way. We can all try adult keyword searches and look for them to track them down. If you have a computer that you can afford to get infected, let's let it download and get a copy so the experts can figure out what's it's doing and how it's doing it and perhaps find a vulnerability which prevents it from working. *you can also copy what your screen is doing via SNAGIT Video capture*
If the surfer doesn't have a clue about keeping their computers clean - then they are infected and don't know it. When they type in a keyword on a search engine, instead of going to the affiliate's link or the sponsor's link, it goes to the hijacker's id - a surfer wouldn't know the difference.
Another thing we can do is - cleaning it up - stop it by starting to do something to fight back by getting the word out and getting these surfers' computers clean and get them protected. Let's pull out a list of different solutions to common problems/virus scanners/trojan removers/toolbar removers and put a FPA between your disclaimer and your TGP/MGP/Hubs - put links in your member's areas, put posts in your blogs, if you do only SE work put a link to a reliable source - Let's get the VIRAL EFFECT TO WORK FOR US INSTEAD OF AGAINST US - it will only help your bottom line in the end.
Sorry for the length of the post 