Malware at the library

The website of the New York Public Library is currently off-line. The cryptic message on the home page says that the site is "currently under maintenance."

This, of course, is what they all say. By "all" I mean organizations scrambling to recover from a disaster.

The New York Public Library website was hacked.

According to the Google Safe Browsing report for nypl.org

Part of this site was listed for suspicious activity 3 time(s) over the past 90 days ... 14 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-01-17, and the last time suspicious content was found on this site was on 2012-01-16.

Malicious software includes 3 trojan(s) ... Malicious software is hosted on 7 domain(s), including wittsendsalon.osa.pl/, daytonacarbparts.osa.pl/, blindfoldband.osa.pl/.

I'm told that before the library took their site off-line, that Firefox blocked access to it. To get this protection, Firefox users should do Tools -> Options -> Security and look for the checkbox to "Block reported attack sites."

Update: The website is back but there is no notice, warning or comment about their having served up malicious software.

Update2:  If your computer was infected with malicious software that was served up by the NYPL website, tough luck. The site features this disclaimer:

The Library assumes no responsibility for damage to your computer or other property resulting from your use of the NYPL Websites.