OpenX Vulnerability Makes Legitimate Websites Prone to Attack
Security researchers have revealed that a new OpenX vulnerability is leaving legitimate, well-known websites prone to malware attacks by letting attackers compromise their ad-serving mechanism and tamper with advertising, according to a report published by techeye.net on 16th September, 2010.
Recently, security experts at ParetoLogic highlighted that Tucows, the famous download site, was seen spreading drive-by-download malware from advertise.tucows.com. Some external domains registered in Russia were distributing the malicious code, which was trying to exploit the Microsoft Windows Help Center vulnerability fixed in the beginning of year 2010.
Amazingly, Tucows confirmed that it had been affected by the OpenX server vulnerability. Its general manager, Andy Walker, stated that they detected the malware, fixed the vulnerability in OpenX and found a solution quickly, as reported by techeye.net on 16th September, 2010.
It is a disturbing fact that the vulnerability was also exploited against AfterDawn.com for a limited period of time on 12th September, 2010. The vulnerability was used to corrupt files on AfterDawn's advertisement server, due to which advertisements failed to load. Instead, advertisements were served from a specific server, and other AfterDawn services were not affected at any time.
Moreover, during the second week of September, 2010, two other popular websites targeted by the cyber criminals were 'The Pirate Bay' and eSarcasm.
In connection with the current attacks, the OpenX development team reportedly released version 2.8.7 of the application two days earlier to fix the vulnerability that started all these attacks.
According to the developers, they have detected a vulnerability in the 2.8 downloadable version of OpenX that can be used to compromise a server running the downloaded version of OpenX, as reported by softpedia.com on 16th September, 2010.
The developers added that, to avoid falling victim to this malware, all users are advised to upgrade their systems to 2.8.7 immediately.
» SPAMfighter News - 27-09-2010