It has been reported that hackers have exploited flaws in popular open-source advertising software to place malicious code in advertisements on several popular Web sites.
The advertising software reported to contain the exploited bugs is OpenX. Once these bugs are exploited, hackers can log in to advertising servers and then place malicious code on ads being served on the sites. Websites reported to have been hacked through the OpenX bugs include King Features and Comics Kingdom.
According to King Features, the malicious code used a new, unpatched Adobe attack to install malicious software on victims’ computers, but that could not immediately be verified.
Cyber-criminals are known to often use web-based attacks to install their malicious software, and this latest round of hacks shows how ad server networks can become useful conduits for attack.
The attack was explained as follows: the attacker used one attack to get login rights to the server, and then uploaded a maliciously encoded image that contained a PHP script hidden inside it. Once the image was viewed, the script was forced to execute on the server. It then attached a snippet of HTML code to every ad on the server. This invisible HTML object, known as an iFrame, then redirected visitors to a Web site in China that downloaded the Adobe attack code.
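A defender's check for the two artifacts described above, as an added example that is not from the original article: it flags image uploads that carry a PHP open tag and banner HTML that contains an invisible iframe. The function names, the heuristics and the sample data are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Magic bytes of common banner image formats (JPEG, PNG, GIF).
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
# PHP open tags; rare false positives are possible in compressed image data.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def image_has_php(data: bytes) -> bool:
    """True if the data starts like an image yet contains a PHP open tag."""
    return data.startswith(IMAGE_MAGIC) and PHP_TAG.search(data) is not None


class IframeFinder(HTMLParser):
    """Collects the src of every iframe that is sized or styled to be invisible."""

    def __init__(self):
        super().__init__()
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        invisible = "display:none" in style or "visibility:hidden" in style
        if tiny or invisible:
            self.hidden.append(a.get("src", ""))


def hidden_iframes(banner_html: str) -> list:
    """Return the src values of invisible iframes found in ad markup."""
    finder = IframeFinder()
    finder.feed(banner_html)
    return finder.hidden


# Constructed sample data (not taken from the incident).
CLEAN_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 16
TAINTED_GIF = CLEAN_GIF + b"<?php /* constructed placeholder */ ?>"
CLEAN_AD = '<a href="https://ads.example/click"><img src="banner.gif"></a>'
TAINTED_AD = CLEAN_AD + '<iframe src="http://redirect.example/" width="0" height="0"></iframe>'
```

Run `image_has_php` over the ad server's upload directory and `hidden_iframes` over stored banner markup; any hit warrants a manual review of the file or banner.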
In response, Adobe explains that the Adobe flaw has not been widely used in online attacks, even though it has been publicly disclosed. However, up to hundreds of attack reports have been received by Symantec this week.
Adobe assumes that one of the reasons for the attack is that many people are still running older versions of Reader that are vulnerable to other attacks. One common and simple way for Adobe users to avoid such trouble is to disable JavaScript within their Reader software.

