It turns out that the Police Authority has a new site and the infected site is an old one that just leads the user to the new site:
Unfortunately, the old site also contains a malicious script, appended after the closing /HTML tag.
There are several ways of migrating users to a new website:
- Deleting the old and let a search engine take the strain
- Doing Server side redirects
- Asking the ISP to point the old website to the new sites IP address.
- and relying on client side redirects.
There are benefits and costs for all the above methods, however, from a security point of view having an old abandoned (not updated and secured) website is the worst.