Several high-volume, popular and legitimate UK web sites, including the London Stock Exchange, eBay, Autotrader and the cinema site Myvue, were found over the weekend to be carrying malicious ads designed to pop up fake security messages on visitors’ computers.
The malicious advertisement was placed on the Unanimis ad network. The web sites themselves were not compromised, and the ad was removed as soon as it was discovered on Sunday. Visitors to the London Stock Exchange site early Monday were greeted with browser warnings saying that londonstockexchange.com had been reported as an attack page. The warnings showed up in the Firefox, Chrome and Safari browsers, but were removed later in the day.
The malware pops up a message on the victim’s computer, reading “Warning! You’re in danger! Your computer is infected with spyware.” This is typical “fake antivirus,” or “scareware,” which is designed to trick the user into paying for useless software. Typically the fake A/V displays a graphic that looks like it is running a virus scan on the computer, reports several pieces of malware found, and demands money to remove the detected threats. The victim ends up handing money over to the scammers, but the malicious software doesn’t really do anything useful.
No count has been provided of visitors to the pages, the number of users who clicked through the popups, or the number of victims.