UPDATE BT Plc Website Blocked by AntiVirus Firms for Phishing Attack - ISPreview UK
The official BT Group website (BT Plc) is today being flagged up by a number of Internet security checks and Anti-Virus firms due to an alleged infection of Phishing Malware (malicious software), which is normally used to help hackers steal personal information.

The problem came to light this morning when we attempted to load the btplc.com website on several computers protected by ESET NOD32 Anti-Virus software, which instead returned an Alert! page warning of a "Potential phishing threat". Digging deeper we were able to confirm that the website had very recently been added to the vendor's Anti-Phishing Blacklist.

A few quick checks around the Internet reveal that some, but not all, other anti-virus vendors had either made a similar block or noted a related event on the btplc.com website. For example, AVG's free anti-virus software hasn't detected anything but others like ESET's NOD32 and Sucuri Inc. had. It's not unknown for Anti-Virus firms to be overzealous when it comes to computer security software, but that's not always a bad thing because it helps to keep you safe.

Digging deeper we were able to discover that the issue relates to an alleged infection by the MW:ANOMALY:SP8 malware virus, which has been around for a few years and is described by Sucuri as being, "A suspicious block of javascript or iframe code [that] loads a (possibly malicious) code from external web sites … Those types of code are often used to distribute malware from external web sites while not being visible to the user."

The malware is generally hidden inside the website's existing JavaScript files and various checkers pointed to the following pages on btplc.com as being infected:

Infected Pages (may not be a complete list)

Share price information
News & media
Annual reports 2014

Apparently all of the above exhibit the same line of remote-executed JavaScript code and we chose not to visit the main site until BT can confirm that it's been dealt with. ISPreview.co.uk has notified BT of the issue, although they didn't respond to our hails yesterday so we might not receive one today either.
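
The pattern Sucuri describes above, sketched as a site owner's check (an added example, not code from ISPreview, Sucuri or BT): it lists script and iframe loads, plus URL literals in inline or standalone JavaScript, that point at hosts outside an allowlist. The host names, `ALLOWED_HOSTS` and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site expects to load code from (constructed names).
ALLOWED_HOSTS = {"www.example.test", "static.example.test"}
# Matches absolute or protocol-relative URL literals inside JavaScript source.
JS_URL = re.compile(r"""["'=](?:https?:)?//([a-z0-9.-]+)""", re.I)

def js_external_hosts(js, allowed=ALLOWED_HOSTS):
    return sorted({h.lower() for h in JS_URL.findall(js)} - set(allowed))

class ExternalLoadFinder(HTMLParser):
    def __init__(self, allowed):
        super().__init__()
        self.allowed, self.findings, self.in_script = allowed, [], False

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        self.in_script = tag == "script" and not src
        host = (urlparse(src).hostname or "").lower()  # also parses //host/x
        if not host or host in self.allowed:
            return  # inline, relative, or an expected host
        style = a.get("style", "").replace(" ", "").lower()
        hidden = tag == "iframe" and ("0" in (a.get("width"), a.get("height"))
            or "display:none" in style or "visibility:hidden" in style)
        self.findings.append((tag, host, hidden))

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        if self.in_script:  # inline JS that may pull in remote code
            for host in js_external_hosts(data, self.allowed):
                self.findings.append(("inline-js", host, False))

def find_external_loads(html, allowed=ALLOWED_HOSTS):
    finder = ExternalLoadFinder(allowed)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from btplc.com.
SAMPLE = """<script src="https://static.example.test/lib.js"></script>
<script src="//cdn.unexpected.invalid/w.js"></script>
<script>var s=document.createElement("script");s.src="//inj.unexpected.invalid/a.js";</script>
<iframe src="http://frames.unexpected.invalid/x" width="0" height="0"></iframe>"""
```

Each finding is a `(kind, host, hidden)` tuple; `js_external_hosts` can also be run directly over the contents of a site's `.js` files, which is where the article says this kind of code is usually hidden.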

All websites can be hit by this sort of thing and it's likely that BT has already spotted and dealt with it, although if history is anything to go by then anti-virus vendors often don't remove related warnings immediately and in some cases they can continue for several weeks even after the threat has been wiped.

Incidentally the http://www.bt-ngb.com website has also been offline for several days now, although this is not believed to be related and is just an unusual occurrence.