OpenX Hack Spreads Malware to Websites

Ads are too often the source of malware attacks.

By  Sue Poremba | Sep 16, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

When people ask me what my greatest security concern is these days, I say ads that appear on websites. I don't blame the website itself, of course, as I understand the need for ads and I also believe that the site adminstraters use trusted sources for the ads.

Even so, the ads are too often the source of malware attacks.

That is the case right now with OpenX ad server. According to an article at The H Security, a vulnerability in the free server is being exploited to distribute malware. The article stated:

A server that provides The Pirate Bay with ad banners was hacked, but browsers that use Google's Safe Browsing API to reach the site are warned that it has dangerous content.. . . The problem is the result of a component integrated in OpenX's video plug-in, from a third-party, which allows images to be uploaded. In December 2009, the module "ofc_upload_image.php was" introduced, and it does not check who is uploading what to the server. As a result, executable scripts can be saved and executed on the server.

In addition, an article at Thinq.co.uk reported:

Visitors to the site who aren't running a background virus scanner or who don't use browsers that check Google's list of 'bad' sites are likely to have been exposed to a variety of nasty malware, none of which was directly hosted on The Pirate Bay but instead held on the cracked advertising server.

 

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >