Yes Minister, your website is infected

(PRAGUE, Czech Republic, April 23, 2010) The French government is listening, at least when it comes to news of infected government websites.

France’s Network and Information Security Agency (ANSSI)  gave avast! a call on Friday, April 16 about our report that a government site was among the over 3,200 infected French domains identified in the 1Q‘2010. Globally, avast! detected 2.15 million infected pages and 252,801 domains.

The call came one day after avast! released its global report on infected websites and 32 days after avast! first detected the infection.  

The ANSSI  press officer wanted the data on infected sites, and, most importantly, the specific URL of the infected page. He got this data. For your information, the domain was service-civique.gouv.fr, a  a clearing house for information on non-profit and volunteer activities in France.

The civique.gouv.fr site had a Trojan Redirector ("JS:Illredir-AC [Trj]") at the /sites/default/files/languages/fr_913373ec30c3b536b504a37c09eb8017.js? URL. The infection lasted from March 15 through April 5.

Governments are often given low marks for speed and responsiveness. But in this case, ANSSI was much, much faster in responding to news of an infection than some businesses. And, that is even after these businesses were contacted directly by avast! virus specialists.

Perhaps reports on CNET (http://www.cnetfrance.fr/news/sites-gouv-logiciel-malveillants-39750921.htm) and by bloggers (http://www.generation-nt.com/commenter/avast-site-infecte-fr-gouv-actualite-998701.html#com) which raised the specter of the government spreading malware accelerated the response.