• United States



Phys.Org Hacked, serving up malware? Google blocks site, but Bing doesn’t

Jan 16, 20133 mins
Data and Information SecurityEnterprise ApplicationsMicrosoft

Phys.Org admitted it was hacked, but says there is no threat. Chrome and Firefox via Google are blocking the malware "attack" site, but Bing and IE do nothing to warn users that "this site may harm your computer."

Starting this morning, if you tried to access from either Chrome or Firefox, you were greeted with:

Chrome blocking access to for malware

Firefox also warned of being an attack site and blocked access.

Firefox warning for malware on

If you don’t know, then is a “news portal [that] provides the latest news on science including: Physics, Space Science, Earth Science, Health and Medicine.” When I searched to contact and notify the site, as well as ask about serving up malware, Google search also warned “this site may harm your computer.”

Google search says of this site may harm your computer

Yet a search for with Bing did nothing at, no warnings to protect users.

No malware or attack site warnings from Bing about

When using Microsoft’s Internet Explorer, it also took me directly the site which acknowledges the brief hack.

IE takes you directly to

Regarding malware warning: has been briefly hacked today, but there is no threat to users. Google has been notified and will remove the warning in a few hours.

When I reached out to GFI, Dodi Glenn, product manager for GFI VIPRE Antivirus, told me, “ seems to be plagued with security problems. This time, their spokesperson acknowledged that they were breached, but no one was harmed. They also stated that Google should be removing their notification shortly.”

Indeed has suffered from similar security problems such as last May when a PhysOrg spokesperson told ZDNet, “Our admins haven’t found any signs of badware on the site.”

However as of 1/16/13 at 1:17PM Eastern, StopBadware has PhysOrg blacklisted

In case you can’t read the text, it states “A red square () indicates the URL is currently blacklisted by StopBadware’s data providers.” Note the red square next to .

Do you use HTTPS Everywhere? If not, then you really should. But if you happened to go to Flickr yesterday evening while using HTTPS Everywhere and Firefox, then you were greeted with “Untrusted Connection.”

Flickr Untrusted Connection due to allowed security certificate to expire

While it was not the end of the world, or serving up malware, it was a bit irritating that Flickr had allowed its SSL security certificate to expire. Technical details stated, “ users an invalid security certificate. The certificate expired on 1/15/2013 at 5:42 PM.” About 3,000 sites support HTTPS Everywhere, but Flickr is listed as “partial.”  

Flickr partially supports SSL via HTTPS Everywhere

GFI’s Dodi Glenn told me:

With respect to, it appears they may not have renewed their certificate. However, there are times where certificates are revoked, which means the site may no longer be safe. It is important to update the Microsoft Root Certificates since it contains certification authorities that are trusted by Microsoft.”

For both of these scenarios, it is important to have an antivirus product that has URL filtering. In the event of a breach, the web filtering feature can block connectivity to these compromised sites.

Like this? Here’s more posts:
  • Critical Infrastructure Malware Infections: From ICS-CERT report to SCADA Strangelove
  • Police State starts in tiny Arkansas town
  • IE fix easily broken; Espionage hacker gang has endless supply of zero-days
  • Chrome, Firefox, IE to block fraudulent digital certificate
  • Don’t faint: Microsoft applauds hacker for Windows RT jailbreaking attempt
  • Oracle releases emergency Java patch; experts warn flaws may take 2 years to fix
  • Valve’s Steam Box controllers may use biometrics and gaze tracking
  • 20 Seconds to jailbreak Windows RT
  • Intelligence report predicts IT in 2030, a world of cyborgs with Asia as top power
  • Unpatched TRENDnet IP cameras still provide a real-time Peeping Tom paradise
  • Meet Red October, the latest cyber-spy malware for digital espionage

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.