Hi there,
I am trying to download the latest IDE but everytime I get a warning from the anti-virus indicating the website is infected by HTML:HideSeoSpam-A[Trj] ....
And the connection gets terminated...
I am getting the same results with many (but not all arduino.cc pages). AFAIK it just started a day or so ago. AVG detects is as "HideSEOSpam-A virus. See screenshot below...
Line 128 of that page contains 9 or 10 (i'm not sure about the last one) malicious links.
This is a serious threat, needing immediate action from the website administrators.
Removing this line from this page will not suffice, and the entire site needs checking.
But i temporarily disabled AVAST and opened the page (from pert's link) and took a look at it myself.
That's when i saw this line 128.
If need be i can send the contents of the page somewhere.
NEW FROM TODAY MARCH 24, 2019
I am wondering why this message appears each time I go to Arduino.cc.
Sometimes i have Arduino.ee. Arduino.cc has change to Arduino.ee
I am scanning My PC with malwarebyte and AVG
Threat secured by AVG
We've safely aborted connection on www.arduino.ee because it was infected with HTML:HideSeoSpam-A [Trj]
More threats may be lurking!
I haven't seen any .ee sites reported while looking for this problem.
So i visited Arduino.ee
It seems to be a parked Estonian domain.
And no complaints by AVAST about that one.
From what I can tell, someone hacked into arduino.cc and added hidden links to some websites that seem to be focused on selling fake prescription pills. The reason for adding these links is for SEO (search engine optimization). Search engines base page rank on how many links there are to a page, and the page rank of the sites on which those links occur.
Since someone was able to do that, it's possible other malicious things were done, which could explain the arduino.ee thing, but I don't have any evidence for anything other than the SEO links MAS3 found, which anyone can check by doing a "View Page Source" on the downloads page, or many other pages on this website (though not the forum pages).
Just my 2 pence worth but going to say they were probably finished for the week before this hit the fan.
I could possibly have responded a little quicker too but first time round I thought maybe the OP had tried to download from somewhere other than here.
Not taking on a PR role just doing what I do because its the right thing to do regardless.
I do agree that maybe somebody should monitor the forums a little closer including weekends but compared to the last hack, this I think HAS been a quicker response.