Openx ad malware
Posted by nonmal, 04-20-2011, 12:15 PM |
Hello all,
Just thought I'd share what we have been observing on OpenX-enabled sites for the last little while. This info might help to quickly identify whether any sites you manage are infected due to an OpenX vulnerability.
Please consider upgrading to ver 2.8.7.
Whenever a user visits a site hosting ads via OpenX, the /www/delivery/ajs.php code in OpenX dynamically creates JavaScript code that is embedded when the ads are displayed to the visitor on a webpage. In most cases a piece of malware in the form of a small JavaScript snippet is attached to the location:
This piece of malware loads in an iframe element which looks like:
This piece of malware gets injected on every page that is served out with the ad, and is usually located on the very first line of the web page.
You can verify this easily by simply viewing the source of the webpage.
An example of the dynamic JavaScript which inserts this malware looks like:
The good news is that upgrading OpenX to the most recent version, at least 2.8.5 to 2.8.7 and above, fixes the vulnerability.
A very good resource about how to secure your OpenX installation is found at http://blog.openx.org/09/security-up...-installation/
A related thread is also present at http://www.webhostingtalk.com/showthread.php?t=993551
Hope this helps.
|
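The source check described in the post above can be scripted. The following is an added example, not part of the original post: it scans a saved page or a saved ajs.php response for iframes pointing at hosts you do not expect, and reports the line number so a hit on the very first line stands out. The trusted host list, the sample inputs and the `"<"+"iframe"` string-splitting form in the sample are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts you legitimately frame content from; adjust per site.
TRUSTED_HOSTS = {"ads.example.com"}

_JOIN = re.compile(r"""["']\s*\+\s*["']""")  # "<"+"iframe" style string splitting
_IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
_SRC = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)


def normalize(text):
    """Undo simple JS string concatenation and escaping so tags become visible."""
    return _JOIN.sub("", text).replace("\\", "")


def suspicious_iframes(text, trusted=TRUSTED_HOSTS):
    """Return [(line_number, src)] for iframes whose host is not trusted.

    Relative src values are treated as same-site and skipped.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for tag in _IFRAME.findall(normalize(line)):
            m = _SRC.search(tag)
            src = m.group(1) if m else ""
            host = urlparse(src).hostname or ""
            if host and host not in trusted:
                findings.append((lineno, src))
    return findings


# Constructed sample: page source with an unexpected iframe on line 1.
PAGE_SAMPLE = '''<iframe src="http://unknown.example.net/in.php" width="1" height="1"></iframe>
<html><body>
<iframe src="http://ads.example.com/slot1"></iframe>
</body></html>'''

# Constructed sample: delivery-script output that writes an iframe via document.write.
AJS_SAMPLE = r'''var OX_x = '';
OX_x += "<"+"iframe src=\"http://unknown.example.net/in.php\" width=\"1\"><"+"/iframe>";
document.write(OX_x);'''

if __name__ == "__main__":
    for name, body in (("page", PAGE_SAMPLE), ("ajs.php", AJS_SAMPLE)):
        for lineno, src in suspicious_iframes(body):
            print(f"{name}: line {lineno}: unexpected iframe -> {src}")
```

Run it against the saved output of "view source" and of a direct request to the delivery script; any hit on a host you do not recognise is worth investigating.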
Posted by ivounnerry, 04-21-2011, 06:38 AM |
Thanks for the info. I used OpenX for rotating product banners and ads for my site and I think I need to check them to see if there's malware planted on my sites.
|
Posted by Sushantg, 04-21-2011, 07:00 AM |
This information is really helpful.
|
Posted by tvcnet, 04-22-2011, 12:34 PM |
Hi folks,
OpenX has been under siege for well over a year. I strongly urge anyone using it to consider alternatives as well. I have nothing against the OpenX folks. They seem like well-meaning people over there, though they can't seem to keep ahead of the malware and hackers who see the software as an easy target to promote their body part growth pills and the like...
You can read about the ongoing drama relating to this service by entering "openx" in the Google Webmaster Central forums. Virtually every other month it seems there is some new hack, forcing everyone to upgrade or else. It's pretty tragic to say the least.
Best Wishes,
Jim Walker
The Hack Repair Guy
|
Posted by PixelDawg, 06-11-2011, 07:22 PM |
Can you recommend any alternatives?
|
Posted by zahirw, 06-11-2011, 10:54 PM |
Thanks for the heads up.
|