Nopesport

[Adrian]

When I just went on the BOF website my computer was attacked by a trojan from p****c.com (edited)

[guessed]

Same here - detection by Avast. Maybe a false positive. Anybody get a result from another AV product?

[guessed]

Definite injection of a script right at the top of the home page. DO NOT EVEN LOOK AT BOF SITE unless you really know what you are doing.

[guessed]

Also do not try to investigate the web site that Adrian had mentioned. Very bad for your computer's health.

[Oldandtired]

AVG picked it up too.

[AAH]

Google chrome automatically flagged it...

www. britishorienteering. org. uk contains content from[....], a site known to distribute malware. Your computer might catch a virus if you visit this site.

[guessed]

Adrian and myself have deleted from our posts the name of the site connected to this Trojan malware. If your Anti-Virus product reveals its name to you, you should not attempt to visit it.

[RJ]

Kaspersky AVS detected malware trojan and won't allow me to download the page. Sounds serious. Wonder how/why and how long it will be before it gets sorted. Not good!!

[DeerTick]

There doesn't seem to be much wrong with the BOF site here. I'm doubly protected. I think you guys should check out your own systems.

(apologies to follow when I'm proved wrong, of course)

AP

[guessed]

Oh well. We might as well put a notice up saying "Dangerous Cliff: Please jump off and see how long before you land".

Unless my attempts to contact BOF at this late hour have succeeded, or the webhosting company has done something, then it is infected. Promise.

[Mrs H]

Okay so I jumped and it's definitely still infected with that thing Adrian said. I've no idea what protection i have - I leave that to the techicians - perhaps it's a Mac thing

[Scott]

It looks like the Blackhole kit. The bad news is that most antivirus software is notoriously bad at picking it up - I suspect the reason that most people are seeing it flagged now may be because p****c.com has been blacklisted, and not because their antivirus has actually detected the trojan(s). It's therefore just about possible that some folk will have caught something nasty from the BOF site before it got onto the blacklist last night, even if they do have antivirus

The good news is that most of the exploits it normally uses are pretty old, so if you're all patched and up-to-date (in particular, if your Java installation is up-to-date), you're probably fine. But that said, it would probably be a good idea for everyone to download and run one of the free rootkit checkers.

[Paul Frost]

So the next questions are:
How should we warn people that don't read Nope that the site is infected?
Not everyone has auto-update on for WIndows and the same quality of anti-virus (or any).

Should association and clubs sites etc. put up a news item, send out emails etc.?

How will we know when it's fixed and safe to go back?

It's times like this that I wonder if building/managing websites is worth the agro.

[SeanC]

For a moment I thought that the BOF voicemail had been hacked by newspaper reporters looking for a "how many event levels are we going to have" scoop?

The simplist thing would be for BOF to send all BOF members an email saying their site is down, and then another when it's back up, but as I've never seen BOF send emails like this (which is a pity as it could be a good form of publicity) I imagine they don't have a mailing list set up.

I guess this sort of thing happens to websites quite commonly?

[brooner]

It happened to a number of our websites (not this one, but PT & nopeindustries) a couple of years back, often comes from a server being hacked rather than a specific site - the malicious code is just inserted into all the web pages/templates found on the server which can be a right pain in the arse to sort out...