This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

London Stock Exchange website hit by malware scare

Share this article:

The website of the London Stock Exchange was hit by a drive-by-download attack over the weekend.

According to information security blogger Paul Mutton, writing on his 'High Severity' blog, the London Stock Exchange website was propagating malware to its visitors on Sunday. Visitors were infected by a rogue anti-virus that uses a software vulnerability to run native executable code on the victim's computer.

He said that the spoof program appears in the system tray and prevents other processes such as task manager to be run, falsely claiming that the user is infected with a virus. This malware also replaces the computer's wallpaper with a warning message.

It was later revealed that the malware was introduced via a third party advertising site used on the homepage via a 'malvertising' attack. “LSE have disabled the affected adverts, so all should be well now,” said Mutton.

He said that the infected page also led to Google's safe browsing diagnostic page confirming that malicious content was being served to the site's visitors. It said that of the 281 pages Google had tested on the site over the past 90 days, 65 pages resulted in malicious software being downloaded and installed without user consent. The site was also blocked by Chrome and Firefox, which both make use of Google's malware blocklist.

However, the London Stock Exchange denied that it was propagating malware. A spokesperson told SC Magazine that its website was not infected and that a third party provider called Unanimis, functioning as an intermediary for its website, was hit and the London Stock Exchange was one of many sites to be affected.

The spokesperson said: “We have had a lot of technology issues in the last few weeks and this is nothing to do with us. To be infected you have to go through our adverts to another site, so it is not the adverts on our website that are propagating malware, you had to click through to them.”


A statement from Unanimus, said: “Malware was detected on the Unanimis network which affected some advertisements on our network. Other than the banner advertisements in question, the malware does not impact or affect any other parts of a website. The affected advertisements have been removed and all sites continue to operate normally. For clarity the London Stock Exchange website was not impacted by this malware, not did it propagate malware.”


The spokesperson also pointed to a Google safe browsing report that confirmed that the website had not been affected by anything in last 90 days. The London Stock Exchange had previously informed Mutton that his blog was 'wholly inaccurate' because the LSE was not propagating malware, however he said that he strongly disagreed with the claim.

"The most obvious point is that simply visiting their homepage was enough to cause malware to be installed, with no need to click on anything. If their website includes content from other sites, which is designed to propagate malware, then transitively, their site will also be propagating malware," said Mutton.

“That is a fair and accurate claim to make, regardless of where the malware executables are actually hosted. In summary, if someone visits your homepage and it results in malware being downloaded and installed without the user having to do anything, then I believe it's fair to say that your website is propagating malware.”

The British stock exchange was in the headlines at the start of this month after it was reportedly the victim of a cyber attack on its headquarters last year.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Turn off WPS on routers for WiFi security

Turn off WPS on routers for WiFi security ...

A Swiss researcher is advocating turning off WPS to secure routers after finding a flaw that eliminates the randomness of codes generated by some routers when WPS is switched on...

Apple's iCloud hacked, nude celeb photos posted

Apple's iCloud hacked, nude celeb photos posted

Questions have been raised about the security of Apple's iCloud service, after a hacker posted nude pictures of celebrities to the 4Chan forum, claiming they were obtained after a hack ...