London Stock Exchange site shows malicious adverts
- 28 February 2011
- From the section Technology
Booby-trapped adverts that hit visitors with fake security software have been discovered on the London Stock Exchange (LSE) website.
Analysis of the LSE site suggests that over the last 90 days, about 363 pages had hosted malware.
The LSE said its site was now safe and an investigation showed that ads provided by a third party were the culprit.
One victim claimed his PC was made unusable after being infected.
Security expert Paul Mutton fell victim when he viewed the site on 27 February.
He visited the LSE homepage to find out why some people reported that they could not access it.
The site was blocked by Firefox, he said, but accessible via Google's Chrome browser.
"It seemed to work with Chrome but then a few seconds later, without having to click on anything, pop-ups started to appear," he said.
The malicious code closed down several of the programs Mr Mutton was using and stopped new ones being started.
"I visited the site and it compromised my machine," said Mr Mutton.
While he was fighting to regain control of his machine, the malware kicked off fake virus alerts in pop-up windows. One window was a fake security scanner which claimed it had detected lots of different malware on the PC.
Mr Mutton said his machine fell victim despite being updated with the latest batch of virus definitions earlier in the day.
Analysis of the LSE homepage by Google's safe browsing scheme, which scans web pages for malicious code, found the site had been listed for "suspicious activity 6 time(s) over the past 90 days".
The last time it discovered malicious activity on the site was on 27 February, the day Mr Mutton visited.
Of the 1112 pages that Google scanned on the LSE site over the last 90 days, 363 were found to be hosting malware. The malicious code it found included scripting exploits and trojans.
Graham Cluley, senior technology consultant at security firm Sophos, said: "Our suspicion would be that it was the third-party advertising network running via the site that delivered the malware."
"This so-called 'malvertising' is big business for cyber criminals," said Mr Cluley.
"If they are able to plant their poisonous adverts in the streams being used by major websites then it can spread their attacks far and wide," he said.
While many sites rely on third-parties to provide adverts, that can have its risks, said Mr Cluley.
"Unfortunately when an infection does get through it's likely that the users will blame the website, not the ad network," he said.