A North Oxford pub: Serving malware not beer :(

If you’re going to the pub today you might be in for a big surprise. At least if you visit the pub’s website, because the one I visited last Friday was serving malware.

At the end of last week, I was tasked with being in charge of my baby daughter so I arranged to meet some college friends (also with babies) in North Oxford. A pub, which I won’t name here, was suggested. North Oxford not being an area I am greatly familiar with, I went to have a look on Google.

I saw where to park (via the maps) and I also saw that they had a website. Upon visiting the website I noticed nothing was displayed and that NoScript gave me a warning. Viewing the source:

This looked bad so I sent a quick email to my colleague (Fraser) and he confirmed that it was indeed bad (Mal/ObfJS-BI). When deobfuscated, the script writes an iframe to a site in China.

Looking at the WHOIS information for the site, it is owned by the pub but there are no associated contact details. So I decided to tell the landlord while waiting for my friends.

Unfortunately, I was, relatively politely, refused entry to the pub because of my baby daughter and so could not tell him 🙁 I’m trying to contact the pub via other routes – but am not holding much hope for a successful clean-up in the short term.

Google has ~50 sites all linking to this malicious site, so if you are suggesting a meeting in North Oxford make sure that, if people don’t know where it is, you choose a pub with a malware-free website.