NHS website sends visitors off to be infected by malware

The National Health Service is supposed to keep viruses at bay, generally speaking, but the NHS Choices website did the exact opposite yesterday, when it directed visitors to malware infested web pages.

The BBC reports that this happened due to a coding error, which redirected visitors to unpleasant destinations on Sunday evening, and yesterday.

This wasn’t just a single page of the NHS site, but the problem was widespread, and in fact some 800 pages were automatically redirecting visitors to dodgy pages which contained malware if you were unlucky, or advertising if you were more fortunate.

Most folks figured this was a malicious attack on the organisation, but in a statement, the NHS explained: “An internal coding error has caused an incorrect redirect on some pages on NHS Choices since Sunday evening. Routine security checks alerted us to this problem on Monday morning at which point we identified the problem and corrected the code.”

Apparently the error was a simple misspelling of “googleapis.com” by a developer, with a stray “s” inserted. Evidently someone in the Czech Republic noticed this error, registered the incorrectly spelt “googleaspis.com” and then exploited it to the maximum by loading it with malware and ads.

The issue is now fixed, the NHS has confirmed, but of course a lot of damage has already been done over the course of Sunday and Monday. There’s going to have been considerable traffic to the NHS Choices site over that period, all of whom may now have any number of Trojans and other nastiness pilfering their personal details, passwords, or who-knows-what.

If you visited the site yesterday, or at the weekend, you'd best fire up that antivirus scanner.

More unkind folks might be wondering whether the “H” in NHS stands for health, or hackers…