A.S. Roma football website infected with same malware as Jerusalem Post

Last week, I reported on (1, 2 and 3).

Yesterday, I notified my colleagues in our Italian office that the website of the football (soccer) club AS Roma was infected. My colleagues contacted AS Roma yesterday and today, and were told:

Our ISP say you are wrong (there is nothing wrong with the site) please do not contact us again.

So …

as you can see from the above picture the source code of the website contains two “script src”. The first linking to the bad URL associated with the Jerusalem Post hack and the second with another hack.

Sophos employees receive various responses when we try to help website owners clean-up infections on their sites. Being told we are lying is not normally one of them.