A.S. Roma football website infected with same malware as Jerusalem Post

Filed Under: Malware, SophosLabs

Last week, I reported on (1, 2 and 3).

Yesterday, I notified my colleagues in our Italian office that the website of the football (soccer) club AS Roma was infected. My colleagues contacted AS Roma yesterday and today, and were told:

Our ISP say you are wrong (there is nothing wrong with the site) please do not contact us again.

So ...

as you can see from the above picture the source code of the website contains two "script src". The first linking to the bad URL associated with the Jerusalem Post hack and the second with another hack.

Sophos employees receive various responses when we try to help website owners clean-up infections on their sites. Being told we are lying is not normally one of them.


You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s