Tainted ads punt scareware to surfers on LSE and Myvue sites

Autotrader.co.uk, and possibly eBay.co.uk, also hit by malvertising attack

By John Leyden, 28th February 2011

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Several highly trafficked UK sites – including the website of the London Stock Exchange – served malware-tainted ads as the result of a breach of security by a third-party firm they shared in common.

Surfers visiting auto-trading site Autotrader.co.uk and the cinema site Myvue.com were also exposed to the attack, which stemmed from a breach at their common ad provider, Unanimis, rather than at any of the three sites themselves. Unconfirmed reports suggest eBay.co.uk was also affected.

The malicious ads made several concealed redirects before dropping surfers on a portal pimping rogue anti-virus (AKA scareware).

Google's malicious website detection tool was among the first security tools to flag up the breach. The security breach at the London Stock Exchange – which was separately be-devilled by system availability problems last week – was brought to wider attention by a blog post by security consultant Paul Mutton on Sunday.

Net security firm Websense confirmed the attack on Monday, saying it had been tracking the progress of the attack over recent days.

"We have been following the exploit domains in this malvertising campaign for quite a while now," said Elad Sharf of Websense Security Labs. "In addition to MyVue.com and Autotrader.com, we've also received reports that ebay.co.uk and londonstockexchange.com were also affected."

By attacking third-party ad networks rather than websites, cybercrooks can increase the potency of attacks, Sharf added. ®

Agentless Backup is Not a Myth