Vulnerable ad servers exploited with OpenX flaw

Exploits known vulnerability in old version.

Several sites running the OpenX free advertisement server were compromised this week, leading to a tenfold increase in malicious PDF exploit attempts detected by researchers at web security firm Blue Coat.

All but one of the compromised sites were using an outdated and vulnerable version of OpenX, which attackers exploited to host a piece of malicious JavaScript code on the ad server, Tim Van Der Horst, malware engineer at Blue Coat, told SCMagazineUS.com.

The malicious JavaScript creates an invisible IFRAME, which opens a background connection to an attack site that silently tries to infect users with a variety of exploits, including ones against Adobe Reader. Affected sites include a Nigerian news outlet and others pertaining to Filipino boxing, HTML tutorials, Venezuelan sports, and Italian iPhones.

“Looking through yesterday's logs, there were 12 sites compromised this way,” Van Der Horst said.

OpenX announced in December that a remote vulnerability exists in version 2.8.2 of its software and provided an update to fix the issue. All affected sites except the Italian iPhone site were running this vulnerable version, Blue Coat researchers said.

They believe the Italian iPhone site, which currently runs the latest version of OpenX, was compromised while running a previous version, and that the attacker's code was not cleaned up during the update process. Another scenario is that there is a new, undiscovered vulnerability in OpenX 2.8.5, the latest version of the ad server.

A spokesperson for OpenX did not respond to a request for comment made by SCMagazineUS.com.

The malicious PDFs used in the attacks are detected by most traditional anti-virus scanners, Chris Larsen, senior malware researcher at Blue Coat, told SCMagazineUS.com. In addition, having an up-to-date version of Adobe Reader should protect users.

The victim sites are likely still infected and will continue to send traffic to the malware network until they're cleaned up by their administrators, Larsen said. A typical website today has many different components, making it hard for webmasters to keep track of everything.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition