New Variant to Address Serious Backdoor Trojan Released by OpenX

ZDNet.com reported on 7th August, 2013 stating a warning from security researchers which says that OpenX, a leading digital and mobile advertising technology provider has released a new version of its ad server product to address a backdoor Trojan that may have a malicious banner ads.

The advertising tech company (referring to OpenX) recently confirmed that its free open source ad serving product OpenX Source v2.8.10 is compromised by online miscreants.

OpenX's hidden code was detected by a regular follower of the acclaimed German tech news website Heise Online (Microsoft Translator), which reported the breach to the German Computer Response Team (CERT).

The discovery of Heise has also been asserted by security researchers of security firm Sucuri. It has remained undetected ever since November 2012 and allowed cybercriminals to execute any PHP code of their own choice on websites running on a vulnerable version of OpenX.

The backdoor Trojan is tucked within a directory in the /plugins tree in a JS (JavaScript) file and mixed with the JS code is a malignant PHP script which lets crooks use the 'eval' function for execution of any PHP code. Inter-mixing the PHP code with JS makes it even more hard to detect the backdoor Trojan. According to experts, searching PHP tags and employing other technical methods it one way they can be detected.

A Security Researcher of Sucuri, Daniel Cid commenting on the backdoor said: "The backdoor Trojan is very well concealed and hard to find. I presume it was being utilized for extremely targeted attacks instead of mass distribution of malware," as accords to a statement published by arstechnica.com on 7th August, 2013.

Nick Soraccor, Senior Application Security Engineer of OpenX said that it has now released OpenX Source v2.8.11 is a "mandatory upgrade" for users of 2.8.10 and should be functional immediately.ZDNet.com reported on 7th August 2013 stating that ZIP file is available on the forums of OpenX in addition to information regarding identification of the attack code.

Moreover, this is not the first time that OpenX has been hacked. In March 2012, it was hacked and served users with malware.

» SPAMfighter News - 8/19/2013