Last week, I blogged about the fact that the Jerusalem Post being infected. Several subsequent articles were published about this threat (1, 2 and 3).

Yesterday, I notified my colleagues in our Italian office that the website of the football (soccer) club AS Roma was infected. My colleagues contacted AS Roma yesterday and today, and were told:

Our ISP say you are wrong (there is nothing wrong with the site) please do not contact us again.

So …

as you can see from the above picture the source code of the website contains two “script src”. The first linking to the bad URL associated with the Jerusalem Post hack and the second with another hack.

Sophos employees receive various responses when we try to help website owners clean-up infections on their sites. Being told we are lying is not normally one of them.

This virus information post courtesy of rss from: SophosLabs blog

Tags | Sophos