Britons caught out by booby-trapped web ads

LSE offices, AFP/Getty The website of the London Stock Exchange was one that displayed the booby-trapped ads

Related Stories

Tens of thousands of people could have been caught out by cyber criminals who put booby-trapped adverts on popular webpages.

The criminals racked up the victims by compromising the computers used by ad firm Unanimis to display adverts to popular websites.

The ads appeared on the websites of the London Stock Exchange, Autotrader, the Vue cinema chain and six other sites.

Unanimis said it moved quickly to pull the adverts once they were discovered.

Victim count

It said it was now investigating how the criminals managed to inject their booby-trapped ads into its feed.

David Nelson, operations and IT director at Unanimis, told the BBC that security alerts revealed the existence of the booby-trapped adverts at 1800 GMT on 27 February.

Clearing out the adverts took about three hours, said Mr Nelson.

A preliminary investigation revealed that "unauthorised access" to the ad servers allowed the criminals to inject their malicious code.

Mr Nelson said Unanimis was still investigating how the criminals got access as the firm has security systems in place that check adverts are safe before they are distributed.

"The [adverts] they chose to modify were not being widely distributed," said Mr Nelson. This, coupled with the attack taking place on a Sunday evening, limited how many people fell victim.

"We have to count ourselves lucky in some respects," he said.

Fake security warning, Paul Mutton The infection kicked off warnings from a fake security program

The bad ads exploited vulnerabilities in software used on Windows PCs to make it look like a machine had been hit by a virus.

Then it displayed a bogus diagnostic screen telling users that their PC was infected. It asked for payment to remove the "infection".

Mr Nelson said it was still trying to work out how many people had seen the booby-trapped ads.

He speculated that a "few percent" of Unanimis audience would have been hit. He declined to identify all the sites that had shown the adverts but said all those affected had been informed.

Patrik Runald, senior research manager at Websense, said its analysis suggested a lot of people had been caught out.

"We believe that quite a large number of sites were showing these adverts," he said, adding that the number of victims could be in the "tens of thousands".

The criminals behind the bad ads typically loaded their attack tools with code that exploited many different vulnerabilities in Windows programs.

Java and software from Adobe was becoming a favourite among hi-tech criminals, he said.

Mr Runald said cyber criminals liked to subvert advertising systems because it was a good way to get their malicious code put on popular sites with only a little effort on their part.

"Such malvertising is reasonably common," said Mr Runald. "It does not happen every day but it does happen every month or so."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Alana Saarinen at pianoMum, Dad and Mum

    The girl with three biological parents


  • Polish and British flags alongside British roadsideWar debt

    Does the UK still feel a sense of obligation towards Poles?


  • Islamic State fighters parade in Raqqa, Syria (30 June 2014)Who backs IS?

    Where Islamic State finds support to become a formidable force


  • Bride and groom-to-be photographed underwaterWetted bliss

    Chinese couples told to smile, but please hold your breath


  • A ship is dismantled for scrap in the port city of Chittagong, BangladeshDangerous work

    Bangladesh's ship breakers face economic challenge


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.