Booby-trapped adverts that hit visitors with fake security software have been discovered on the London Stock Exchange (LSE) website. Analysis of the LSE site suggests that over the last 90 days, about 363 pages had hosted malware hidden in third party ads.
Alan Bentley, SVP International at Lumension, commented: “Embedding malware in pop up advertisements is becoming common practice. It is a hacker's best friend because there is no need to entice computer users to click on anything, improving the chance of infecting users with malware.
“When it comes to malvertising, the danger lurks beneath the ad. There are no obvious tell tale signs to warn people about. The onus is therefore on the organisation hosting the website to keep it clean by ensuring that the latest security holes are plugged.
“Organisations concerned about their employees downloading malware in the process of visiting popular business sites, need to consider turning their security protocols on their head. Preventing only what is known to be bad from entering the network is no longer sufficient. Only by allowing the known-good to execute can organisations ensure that undetected malware can not run.”