Andem - 3:20 pm on Feb 23, 2012 (gmt 0)
This is very nasty, indeed. Thanks for bringing this to attention!
The exploit was actually on the end of vbseo as their server was compromised. The remotely-hosted version checker was able to inject code as a vBulletin plugin and from there, pretty much given free reign over a vBulletin-powered board.
Lots of questions and until now, not enough answers.
After reading this, I did a search for a popular forum I know and sure enough, as a Google referral, I was redirected to a scammy affiliate site.