Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY.
It turns out that the Police Authority has a new site, and the infected site is an old one that just leads the user to the new site.
Unfortunately, the old site also contains a malicious script, appended after the closing </HTML> tag.
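A webmaster's check for the pattern just described, anything appended after the closing tag, is sketched here as an added example that is not part of the original post. The function names, verdict strings and sample pages (including their hostnames) are constructed for illustration.

```python
import re
from pathlib import Path

# Closing tag, case-insensitive, tolerating whitespace before '>'.
CLOSE_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
# Elements that load or run content and should never follow the document end.
ACTIVE = re.compile(r"<(script|iframe|object|embed)\b", re.IGNORECASE)


def audit(html):
    """Classify whatever follows the FIRST closing </html> tag.

    The first tag is used so that repeated injections, or an injected
    trailer that carries its own </html>, are still reported in full.
    """
    m = CLOSE_HTML.search(html)
    if m is None:
        return {"verdict": "no-closing-tag", "tags": [], "trailer": ""}
    trailer = html[m.end():].strip()
    tags = sorted({t.group(1).lower() for t in ACTIVE.finditer(trailer)})
    if not trailer:
        verdict = "clean"
    elif tags:
        verdict = "active-content-after-html"
    else:
        verdict = "unexpected-text-after-html"
    return {"verdict": verdict, "tags": tags, "trailer": trailer[:200]}


def scan_tree(root):
    """Audit every .htm/.html file under root; return only the findings."""
    findings = {}
    for path in sorted(Path(root).rglob("*.htm*")):
        if path.is_file():
            result = audit(path.read_text(encoding="utf-8", errors="replace"))
            if result["verdict"] not in ("clean", "no-closing-tag"):
                findings[str(path)] = result
    return findings


# Constructed samples: a client-side redirect page, then the same page
# with a script tag appended after the document has ended.
REDIRECT_PAGE = (
    '<html><head><meta http-equiv="refresh" '
    'content="0; url=https://new-site.example/"></head>'
    "<body>We have moved.</body></html>\n"
)
INFECTED_PAGE = REDIRECT_PAGE + (
    '<script src="http://injected.example.invalid/x.js"></script>\n'
)

if __name__ == "__main__":
    print(audit(REDIRECT_PAGE)["verdict"])
    print(audit(INFECTED_PAGE))
```

Run `scan_tree()` over the document root of any site that is still published but no longer maintained, and review every file it returns.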
There are several ways of migrating users to a new website:
- Deleting the old site and letting a search engine take the strain
- Doing server-side redirects
- Asking the ISP to point the old website to the new site's IP address
- Relying on client-side redirects
There are benefits and costs to all of the above methods. However, from a security point of view, having an old, abandoned (not updated and not secured) website is the worst.