OpenX Ad Server Hacked in Adobe Attack

Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week.

The attackers are taking advantage of a pair of bugs in the OpenX advertising software to login to advertising servers and then place malicious code on ads being served on the sites. On Monday, cartoon syndicator King Features said that it had been hacked last week, because of the OpenX bugs. The company’s Comics Kingdom product, which delivers comics and ads to about 50 Web sites, was affected.

After being notified of the problem Thursday morning, King Features determined that “through a security exploit in the ad server application, hackers had injected a malicious code into our ad database,” the company said in a note posted to its Web site. King Features said that the malicious code used a new, unpatched Adobe attack to install malicious software on victims’ computers, but that could not immediately be verified.

Another OpenX user, the Ain’t It Cool News Web site was reportedly hit with a similar attack last week.

Web based attacks are a favorite way for cyber-criminals to install their malicious software and this latest round of hacks shows how ad server networks can become useful conduits for attack. In September, scammers placed malicious software on The New York Times’ Web site by posing as legitimate ad buyers.

This same technique that worked on King Features and Ain’t It Cool News was used to hack into at least two other Web sites last week, according to one OpenX administrator who spoke on condition of anonymity, because he wasn’t authorized to speak with the press.

Attackers used one attack to get login rights to his server, and then uploaded a maliciously encoded image that contained a PHP script hidden inside it, he said. By viewing the image, attackers forced the script to execute on the server. It then attached a snippet of HTML code to every ad on the server. Known as an iFrame, this invisible HTML object then redirected visitors to a Web site in China that downloaded the Adobe attack code.

OpenX said that it was aware of “no major vulnerabilities associated with the current version of the software 2.8.2; in either its downloaded or hosted forms,” in an e-mailed statement.

At least one OpenX user believes that the current version of the product may be vulnerable to part of this attack, however. In a forum post, a user said that he was hacked while running an older version of the software, but that the current (2.8.2) version is also vulnerable. “If you are running a current, unmodified release of OpenX, it is possible to anonymously log in to the admin site and gain administrator-level control of the system,” he wrote.

More details on the OpenX hack can be found here.

When researchers at Praetorian Security Group looked at the Adobe attack, it did not leverage the unpatched Adobe bug, said Daniel Kennedy, a partner with the security consultancy. Instead, the attack marshalled an assortment of three different Adobe exploits, he said. “We’re seeing no evidence that it’s the 0day that will be patched by Adobe in January.”

Security experts say that the Adobe flaw has not been widely used in online attacks, even though it has been publicly disclosed. On Monday, Symantec said it had received less than 100 reports of the attack.

That may be because many people are still running older versions of Reader that are vulnerable to other attacks. Adobe has been a favorite target of readers since a similar bug emerged last February. Adobe patched the issue in March, but users can avoid this attack and the current Adobe issue by simply disabling JavaScript within their Reader software.

“Everybody should have just changed the behavior on their Adobe reader,” said Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham “Nobody’s reader should be executing JavaScript.”

Robert McMillan, IDG News Service – http://news.yahoo.com/s/pcworld/20091223/tc_pcworld/hackershitopenxadserverinadobeattack

According to http://www.openx.org/about/history the company history is says OpenX is a new company built on old traditions.

The OpenX ad server has been developed over the past 9 years by a passionate open source developer community.

Tobias Ratschiller, who also created the popular phpMyAdmin, started the project by releasing phpAds in 1998.

Since then our software has been called phpAds, phpAdsNew, MaxMediaManager and Openads.

Over the years the application has been dramatically extended and expanded to become the sophisticated ad management system you know today.

Milestones

1998 – Tobias Ratschiller creates phpAds
1999 – Wim Godden, with contributions from Phil Hord and Niels Leenheer, create phpAdsNew
2003 – Scott Switzer creates MaxMediaManager by building on the phpAdsNew codebase
2006 – Openads launches
2007 – Openads releases Openads 2.4 and announces $5.5m in first round funding
2008 – Openads changes its name to OpenX and announces $15.5m in second round funding

In 2006 Openads was launched with a focus of providing web publishers from around the world with tools to make the most from online advertising. The company announced venture funding in 2007 and made the first release of Openads 2.4, making it accessible to the phpAdsNew user base as a simple upgrade.

Today OpenX continues to develop the OpenX ad server and other services to help web publishers make more money from online advertising.

It’s a good idea to do your best to find out what it is that you will be good at when it comes to Internet advertising or the like. You may find that your skill doesn’t specifically lie in website related type work, but maybe you’re a better fit for radio or television. Even if you’re thinking that way, it’s important to remember that just about anything that can be done outside of the Internet can be done on the inside of the Internet. You may as well just face the fact that in the marketing industry, you will be networking online in one way or another.

It truly is the way of the future for us to entertain others with our podcasts, videos, articles and blogs we may write, paintings, stores and just about anything you can dream up. There are so many doors that can be opened up to you if you just give the Internet a chance.

I know many people who are turned off from the Internet or a computer because it never seems to work right or it’s just way too slow. I would encourage you to carefully change the way you approach the computer by setting your self up for success.