London Exchange Hit Repeatedly by Glitches

By Fahmida Y. Rashid  |  Posted 2011-02-28


Mutton disagreed because his computer was compromised just by accessing the page without clicking on anything. Furthermore, Mutton asserted it does not matter where the malware executable is actually hosted. "If their Website includes content from other sites, which is designed to propagate malware, then transitively, their site will also be propagating malware," said Mutton.

While the link for the main homepage does not appear to be flagged on the Google search results for the stock exchange as of Feb. 28, the link for AIM, the London Stock Exchange's international market for smaller companies, still displays the "This site may harm your computer" warning.

With the malvertisement removed, Google's Safe Browsing page on Feb. 28 reported just one malicious page out of five tested.

The stock exchange has had a number of technical problems recently. The exchange's migration to the new SUSE Linux platform caused problems for brokers, and on Feb. 25, a technical glitch in how pricing is displayed caused all trading to be put on hold for hours.

The LSE was not the only victim of this particular malvertisement, as it has affected seven other domains, including, a product reviews site for a variety of products and services including laptops, hotels and cars, and, a travel planning site for the United Kingdom and Europe, according to the suspected malware's Safe Browsing page provided by Google.

Web security firm WebSense also said that other sites using Unanimis had been hit by the same malicious ad over the weekend, including movie site Myvue and auto trading site Autotrader. There were also reports that the UK version of eBay was affected, according to WebSense. The Safe Browsing page for said six malicious pages had been found, but did not list Unanimis as the intermediary distributing the malware.

In the case of AutoTrader, the site downloaded ads from its service providers while the user was browsing the site. When the malicious advertisement was loaded, the site redirected the user, and then again to the site that actually contained an exploit kit which targeted Internet Explorer, Adobe Acrobat Reader and Java, WebSense said. The dropped files installed the rogue antivirus and then demanded users pay $59.95 to remove the malware it had "found," according to WebSense's analysis of the kit.

According to WebSense, the dropped files have a low rate of detection by antivirus software.

Antivirus solutions continue to be "ineffective" at addressing online threats, Ghosh told eWEEK. Whitelisting can't prevent malware "sneaking in through third-party ads," and users aren't protected when they trust their native browsers, he said.

Just keeping the antivirus definitions up-to-date is clearly not enough, as Mutton had just updated his security settings that morning before going to the stock exchange site.

"The strongest way to address this threat, and the only known solution to this problem, is to seamlessly isolate the browser from the host operating system in a clean, fully virtualized environment," Ghosh said, referring to Invincea's browser product that runs in a virtual machine.

