Last Updated: 2013-10-24 16:38:43 UTC
by Johannes Ullrich (Version: 1)
Update: Barracuda posted a more detailed analysis and packet capture showing that php.net may indeed have been compromissed and delivered a malicious flash file: http://barracudalabs.com/2013/10/php-net-compromise/ (thx David for pointing to this)
Sadly, Google is notoriously slow in removing false positives like this. It helps if the site's administrator is signed up with Google Webmaster tools. In this case, a request for review can be filed via webmaster tools, and the administrator will be notified via e-mail if the site is added to the blocklist.
For more details, see: