index.htm had some suspicious javascript in it (see screenshot). It probably needs a specific environment (browser family, old version, weak security settings) to really do anything. Still, if you run Internet Explorer and have accessed the Standoff site in the last 3 weeks, it'd be a good idea to run a virus and malware scan.
I've removed the code and copied the existing file to index.html.infected if anyone wants to check it out. Someone with access to the Standoff account is infected. The file date was July 8, 4:59pm CDT.