British govt health site directs visitors to malware

By

Mistyped URL blamed.

An "internal coding error" has been blamed after the web front-end to Britain's National Health Service (NHS) sent visitors to unrelated malware and advertising sites.

British govt health site directs visitors to malware

The bug saw more than 800 web links on the nhs.uk website send visitors to websites showing advertising and malware.

It was fixed by the NHS Health and Social Care Information Centre (HSCIC) on Monday afternoon.

HSCIC said an “internal coding error” caused users to be sent to a mistyped URL. It alleged the owner of the mistyped URL likely took advantage and registered the domain to serve ads and malware to the redirected NHS website visitors.

“We can confirm that this problem has arisen due to an internal coding error and that NHS Choices has not been maliciously attacked,” said a HSCIC spokeswoman on behalf of the NHS Choices website. 

Cigital principal consultant Paco Hope said the incident was proof that developers need to be diligent, not just with their code, but with website links too.

“On the Internet, typos do not go nowhere," he said.

"In this case a simple typo pointed innocent users to the domain owned by the hacker who was prepared and just waiting."

At the time of writing, most of the links had been corrected by the NHS HSCIC.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

Salesforce to buy Informatica for US$8 billion

Salesforce to buy Informatica for US$8 billion

Telstra InfraCo trials AI to reduce reactive truck rolls for power issues

Telstra InfraCo trials AI to reduce reactive truck rolls for power issues

Services Australia refines public data to guide external AI use

Services Australia refines public data to guide external AI use

Orica to set new workforce systems live in Australia in July

Orica to set new workforce systems live in Australia in July

Log In

  |  Forgot your password?