UPDATE BT Plc Website Blocked by AntiVirus Firms for Phishing Attack

Posted Tuesday, June 17th, 2014 (7:31 am) by Mark Jackson (Score 623)

The official BT Group website (http://www.btplc.com) is today being flagged up by a number of Internet security checks and Anti-Virus firms due to an alleged infection of Phishing Malware (malicious software), which is normally used to help hackers steal personal information.

The problem came to light this morning when we attempted to load the btplc.com website on several computers protected by ESET NOD32 Anti-Virus software, which instead returned an Alert! page warning of a “Potential phishing threat”. Digging deeper, we were able to confirm that the website had very recently been added to the vendor’s Anti-Phishing Blacklist.

A few quick checks around the Internet reveal that some, but not all, other anti-virus vendors had either made a similar block or noted a related event on the btplc.com website. For example, AVG’s free anti-virus software hasn’t detected anything, but others like ESET’s NOD32 and Sucuri Inc. had. It’s not unknown for Anti-Virus firms to be overzealous when it comes to computer security software, but that’s not always a bad thing because it helps to keep you safe.

Digging deeper, we were able to discover that the issue relates to an alleged infection by the MW:ANOMALY:SP8 malware, which has been around for a few years and is described by Sucuri as being, “A suspicious block of javascript or iframe code [that] loads a (possibly malicious) code from external web sites … Those types of code are often used to distribute malware from external web sites while not being visible to the user.”

The malware is generally hidden inside the website’s existing JavaScript files, and various checkers pointed to the following pages on btplc.com as being infected:

Infected Pages (may not be a complete list)
http://www.btplc.com/sharesandperformance/sharepricegraphs/index.cfm
http://www.btplc.com/news
http://www.btplc.com/Sharesandperformance/Annualreportandreview/index.cfm

Apparently all of the above exhibit the same line of remote-executed JavaScript code and we chose not to visit the main site until BT can confirm that it’s been dealt with. ISPreview.co.uk has notified BT of the issue, although they didn’t respond to our hails yesterday so we might not receive one today either.

All websites can be hit by this sort of thing and it’s likely that BT has already spotted and dealt with it, although if history is anything to go by then anti-virus vendors often don’t remove related warnings immediately and in some cases they can continue for several weeks even after the threat has been wiped.

Incidentally the http://www.bt-ngb.com website has also been offline for several days now, although this is not believed to be related and is just an unusual occurrence.

UPDATE 2:27pm

After an investigation, BT has confirmed that the blocks, which have now been removed, were triggered by a false positive and ESET has updated their database accordingly. However, one or two online security tests and web scanners probably won’t remove the issue from their lists until tomorrow or later. But the good news is that BT’s website is safe.
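
An added example, not from the original article and not Sucuri's or ESET's code: a small Python audit for the pattern Sucuri's description names, script or iframe tags that pull code from external hosts, including iframes sized or styled to be invisible. The allowlist, hostnames and sample page are constructed assumptions; note that a legitimate third-party script missing from the allowlist is flagged as well, which is how a heuristic of this kind produces a false positive like the one BT reported.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts the site owner expects to load code from (assumed allowlist).
TRUSTED_HOSTS = {"www.example.test", "static.example.test"}

class ExternalLoadAuditor(HTMLParser):
    """Collects <script src> and <iframe src> that load from unlisted hosts."""

    def __init__(self, page_url, trusted_hosts):
        super().__init__()
        self.page_url = page_url
        self.trusted = trusted_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        if not src:
            return  # inline script or empty frame: nothing fetched by this tag
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlparse(urljoin(self.page_url, src)).hostname or ""
        if host in self.trusted:
            return
        style = a.get("style", "").replace(" ", "").lower()
        hidden = tag == "iframe" and (
            a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"tag": tag, "host": host, "hidden": hidden})

def audit(page_url, html, trusted_hosts=TRUSTED_HOSTS):
    auditor = ExternalLoadAuditor(page_url, trusted_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: one same-site script, one legitimate third-party
# widget that is missing from the allowlist, and one invisible iframe.
SAMPLE = """
<html><body>
<script src="/js/site.js"></script>
<script src="//charts.vendor.test/graph.js"></script>
<iframe src="http://cdn.unknown.test/x.html" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit("http://www.example.test/news", SAMPLE):
        print(finding)
```
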

1 Response
  1. No Clue

    They should advertise the fact and maybe create a new bundle.

    Free Malware + Sports for 6 months maybe?

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy and Cookie Policy, Links (.), Website Rules)