A site owner whose web team spent 100 hours trying to figure out the reason for their site being compromised finally isolated the problem. They gave us permission to share the following information, which we are reproducing here. Please note that we have not verified the details of this report, and we present it as-is for informational purposes only. If anyone has more information on this attack, please let us know in the comments or by e-mail at contact@stopbadware.org.
A group registered in Russia and constantly moving around Scandinavia on a daily basis using the domain newtickepicker.com has hacked into many of the OpenX Ad servers including ours to insert a plug-in. It then places itself into a one pixel unit on a graphic position for an advertisement. The plugin is called "mergedDeliveryFunctions.php."
Update 3/22/10: A couple of members of the community pointed out this recommendation to help protect OpenX Ad servers from being compromised in the future.
Ad servers hit by rogue plug-in
I had the same issue with my site. Removing Open X ads ASAP.
Seems to be a core issue with OpenX, as there are numerous threads about it in their support forums.
http://forum.openx.org/index.php?showtopic=503466911 &
http://forum.openx.org/index.php?showtopic=503464981 &
http://forum.openx.org/index.php?showtopic=503453491&st=15
The blog of Adgitize was also breached; you may want to check it out sometime for analysis.
Knowledge is power: http://pinoysecurity.blogspot.com
Sad news for OpenX. Advertising technology is fragile and must be managed well. ZEDO does a great job attempting to increase safety: http://blog.zedo.com/wordpress/blog/2010/03/24/addressing-vulnerabilitie...