Google flagged PHP.net as suspicious website
PHP.net users that would like to access php.net were unpleasantly surprised today. Google flagged the website as suspicious and users of the Google Chrome and Mozilla Firefox browsers saw a security warning when they tried to visit the website.
According to the Google diagnostic page, suspicious content was found on php.net on October 23rd, 2013. Three domains were mentioned; cobbcountybankruptcylawyer.com, stephaniemari.com, and northgadui.com (owned by the same GoDaddy account) which were said to distribute malware to visitors of the site.
Was it a false positive like regular visitors of php.net suggested in many online discussions?
After connecting to the domain php.net the browser loads a few css files and userprefs.js from static.php.net.
After deobfuscating we get
Highly effective Cerber ransomware is spread via phishing emails and demands more than $700 in ransom
Based on analysis of past Locky ransomware attacks, experts in the Avast Threat Labs predict that another attack is imminent.