Feeds

Tainted ads punt scareware to surfers on LSE and Myvue sites

Autotrader.co.uk, and possibly eBay.co.uk, also hit by malvertising attack

5 things you didn’t know about cloud backup

Several highly trafficked UK sites – including the website of the London Stock Exchange – served malware-tainted ads as the result of a breach of security by a third-party firm they shared in common.

Surfers visiting auto-trading site Autotrader.co.uk and the cinema site Myvue.com were also exposed to the attack, which stemmed from a breach at their common ad provider, Unanimis, rather than at any of the three sites themselves. Unconfirmed reports suggest eBay.co.uk was also affected.

The malicious ads made several concealed redirects before dropping surfers on a portal pimping rogue anti-virus (AKA scareware).

Google's malicious website detection tool was among the first security tools to flag up the breach. The security breach at the London Stock Exchange – which was separately be-devilled by system availability problems last week – was brought to wider attention by a blog post by security consultant Paul Mutton on Sunday.

Net security firm Websense confirmed the attack on Monday, saying it had been tracking the progress of the attack over recent days.

"We have been following the exploit domains in this malvertising campaign for quite a while now," said Elad Sharf of Websense Security Labs. "In addition to MyVue.com and Autotrader.com, we've also received reports that ebay.co.uk and londonstockexchange.com were also affected."

By attacking third-party ad networks rather than websites, cybercrooks can increase the potency of attacks, Sharf added. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.