Sophos users over the past few months may have noticed that they haven’t been able to access parts of the Somerset Information Exchange (SiX) due to instances of Mal/Badsrc-C on the site.
The problems for the SiX microsite, hosted on somerset.gov.uk, is larger than just malicious SCRIPT tags on pages. The site also has injected Blackhat SEO code on the main site:
The insurance area on the site is riddled with injected scripts:
Everyday, SophosLabs see thousands of infected websites, including .gov websites from around the world. We have procedures in place to initiate contact with the owners to help combat web threats. Unfortunately, not everyone listens.