Popular Websites Hit by Malvertizing Attack

Internet users were prompted by security alerts when browsing popular websites this weekend because of a malvertizing campaign that managed to push exploits onto their pages.

It's not yet clear where the attacks originated, but many of the reports seem to focus on a domain called stripli.com from where the malicious advertisements were loaded.

This domain is currently blacklisted by Google's Safe Browsing service, which means that websites trying to load content from it could end up being blocked in Chrome and Firefox.

Just a few hours ago www.londonstockexchange.com was in this situation and attempting to visit it from Google Search and these two browsers resulted in a Safe Browsing error.

The diagnostic page for stripli.com still states that "this site has hosted malicious software over the past 90 days. It infected 7 domain(s), including reviewcentre.com/, londonstockexchange.com/, viamichelin.com/."

But, according to reports on Yahoo! Answers, the impact was much more extensive, with IMDb.com and eBay.com being among the affected domain names.

Google's Safe Browsing service didn't have time to blacklist these domains until they resolved the problem, but some users were alerted by their antivirus programs about malicious code being served from them.

On some forums people reported being infected with a fake antivirus program after browsing through the affected sites.

This seems to be consistent with the findings of security researchers from Websense who investigated two other malvertizing victims, Myvue.com and Autotrader.co.uk.

Both websites loaded malicious ads served through a legitimate provider called Unanimis. It's not clear how criminals managed to push them onto the company's network, but social engineering and impersonation are common in such cases.

The ads loaded an exploit toolkit that tried to exploit vulnerabilities in outdated versions of Java and Adobe Reader in order to install a piece of scareware.

Users can protect themselves from such attacks by keeping all software installed on their systems up to date and using an antivirus program that is capable of blocking Web-based exploits.