Phys.Org Hacked, serving up malware? Google blocks site, but Bing doesn't

Phys.Org admitted it was hacked, but says there is no threat. Chrome and Firefox via Google are blocking the malware "attack" site, but Bing and IE do nothing to warn users that "this site may harm your computer."

Starting this morning, if you tried to access from either Chrome or Firefox, you were greeted with:

Chrome blocking access to for malware

Firefox also warned of being an attack site and blocked access.

Firefox warning for malware on

If you don't know, then is a "news portal [that] provides the latest news on science including: Physics, Space Science, Earth Science, Health and Medicine." When I searched to contact and notify the site, as well as ask about serving up malware, Google search also warned "this site may harm your computer."

Google search says of this site may harm your computer

Yet a search for with Bing did nothing at, no warnings to protect users.

No malware or attack site warnings from Bing about

When using Microsoft's Internet Explorer, it also took me directly the site which acknowledges the brief hack.

IE takes you directly to

Regarding malware warning: has been briefly hacked today, but there is no threat to users. Google has been notified and will remove the warning in a few hours.

When I reached out to GFI, Dodi Glenn, product manager for GFI VIPRE Antivirus, told me, " seems to be plagued with security problems. This time, their spokesperson acknowledged that they were breached, but no one was harmed. They also stated that Google should be removing their notification shortly."

Indeed has suffered from similar security problems such as last May when a PhysOrg spokesperson told ZDNet, "Our admins haven't found any signs of badware on the site."

However as of 1/16/13 at 1:17PM Eastern, StopBadware has PhysOrg blacklisted

In case you can't read the text, it states "A red square () indicates the URL is currently blacklisted by StopBadware's data providers." Note the red square next to .

Do you use HTTPS Everywhere? If not, then you really should. But if you happened to go to Flickr yesterday evening while using HTTPS Everywhere and Firefox, then you were greeted with "Untrusted Connection."

Flickr Untrusted Connection due to allowed security certificate to expire

While it was not the end of the world, or serving up malware, it was a bit irritating that Flickr had allowed its SSL security certificate to expire. Technical details stated, " users an invalid security certificate. The certificate expired on 1/15/2013 at 5:42 PM." About 3,000 sites support HTTPS Everywhere, but Flickr is listed as "partial."  

Flickr partially supports SSL via HTTPS Everywhere

GFI's Dodi Glenn told me:

With respect to, it appears they may not have renewed their certificate. However, there are times where certificates are revoked, which means the site may no longer be safe. It is important to update the Microsoft Root Certificates since it contains certification authorities that are trusted by Microsoft."

For both of these scenarios, it is important to have an antivirus product that has URL filtering. In the event of a breach, the web filtering feature can block connectivity to these compromised sites.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!