Booby-trapped adverts that hit visitors with fake security software have been discovered on the London Stock Exchange (LSE) website. Analysis of the LSE site suggests that over the last 90 days, about 363 pages had hosted malware.
The LSE said its site was now safe and an investigation showed that ads provided by a third party were the culprit…
Security expert Paul Mutton fell victim when he viewed the site on 27 February. He visited the LSE homepage to find out why some people reported that they could not access it.
The site was blocked by Firefox, he said, but accessible via Google’s Chrome browser. “It seemed to work with Chrome but then a few seconds later, without having to click on anything, pop-ups started to appear,” he said…
“I visited the site and it compromised my machine,” said Mr Mutton.
While he was fighting to regain control of his machine, the malware kicked off fake virus alerts in pop-up windows. One window was a fake security scanner which claimed it had detected lots of different malware on the PC.
Mr Mutton said his machine fell victim despite being updated with the latest batch of virus definitions earlier in the day…
Of the 1112 pages that Google scanned on the LSE site over the last 90 days, 363 were found to be hosting malware. The malicious code it found included scripting exploits and trojans.
The article rounds up with solutions and suspicions by security experts [meaning software vendors]. Which of course, don’t confirm a damned thing.
Causes may have been ad servers, image servers, lots of ways the crud might have been made available to infect the computers of trusting subscribers. Not exactly the best job of self-policing, folks.