Tainted ads punt scareware to surfers on LSE and Myvue sites
Autotrader.co.uk, and possibly eBay.co.uk, also hit by malvertising attack
Several highly trafficked UK sites – including the website of the London Stock Exchange – served malware-tainted ads as the result of a breach of security by a third-party firm they shared in common.
Surfers visiting auto-trading site Autotrader.co.uk and the cinema site Myvue.com were also exposed to the attack, which stemmed from a breach at their common ad provider, Unanimis, rather than at any of the three sites themselves. Unconfirmed reports suggest eBay.co.uk was also affected.
The malicious ads made several concealed redirects before dropping surfers on a portal pimping rogue anti-virus (AKA scareware).
Google's malicious website detection tool was among the first security tools to flag up the breach. The security breach at the London Stock Exchange – which was separately be-devilled by system availability problems last week – was brought to wider attention by a blog post by security consultant Paul Mutton on Sunday.
Net security firm Websense confirmed the attack on Monday, saying it had been tracking the progress of the attack over recent days.
"We have been following the exploit domains in this malvertising campaign for quite a while now," said Elad Sharf of Websense Security Labs. "In addition to MyVue.com and Autotrader.com, we've also received reports that ebay.co.uk and londonstockexchange.com were also affected."
By attacking third-party ad networks rather than websites, cybercrooks can increase the potency of attacks, Sharf added. ®
Letters and numbers
Aren't all adverts malware?
Ebay Hit By Home Security 2011 Malware
Many people were hit by the Home Security 2011 malware whilst using ebay over the weekend.
Doing some searching this morning on various forums at it seems that there were a *lot* of people infected by it.
From reports on the ebays forums it seems like they CGAF.
Ah that's where it came from
I was wondering how my mother-in-law's computer became infected with this over the weekend...
A safe boot with networking enabled and malwarebytes stopped it , though it still has a few traces in the registry.
Turned off both Avast and microsoft security essentials though..