The NHS Czech Malware Bug

A bug in the NHS Choices system sent users to a malware site. As reported in The Guardian:

“Last year, a developer accidentally put “” rather than “” as the source for the JavaScript file,” an NHS Choices spokesperson told the Guardian.

The “internal coding error” sent users to the mistyped URL, of which a third-party appears to have taken advantage, registering the mistyped domain name to serve adverts and malware to unknowingly redirected visitors from the NHS Choices website since Sunday evening.

Things like that make me wonder how on earth that bug could have been missed in testing, even though t’s not easy to answer that question without some knowledge of the archtecture of the site. I would assume from the URL that it’s some form of translation functionality, and I’d have thought somebody ought to have noticed the feature wasn’t working properly and investigated it little more deeply.

What I would like to know is how the Czech malware operator managed to find the bug when NHS’s own testing didn’t.

This entry was posted in Testing & Software and tagged , . Bookmark the permalink.

Comments are closed.