Exploit in OpenX Ad Servers Allows For Malware
Mon, Mar 22, 2010 - 6:04 AM
If you got a warning in the past 24 hours about malware being on Legit Reviews, we apologize, as our ad server was attacked through an exploit in our OpenX software. We take malware very seriously here at Legit Reviews and completely removed and installed the file structure and database from scratch in order to protect our readers from getting any malware. We have also been in contact with Google about our situation and they have confirmed with us that it has been resolved and the site is back to normal.

If you are running OpenX, we suggest that you update to the latest version, which is 2.8.5, or move to another solution. In our case the ad server was dishing up a 0x0 iframe which was loading malware. The injected code was using multiple layers of Base64 encoding followed by compression, and it was rather nasty.

We tipped off a few other sites that use OpenX, but we wanted to let everyone know about the exploit as it doesn’t seem widely known. OpenX might be having some internal issues, as they never issued release notes for v2.8.4 or v2.8.5 and their front page hasn’t been updated to let anyone know that v2.8.5 has been released. Not what you want to see with an exploit like this running around the internet. To all those who helped us over the past 24 hours, we thank you.
A group registered in Russia and constantly moving around Scandinavia on a daily basis, using the domain newtickepicker.com, has hacked into many OpenX ad servers, including ours, to insert a plugin. It then places itself into a one-pixel unit on a graphic position for an advertisement. The plugin is called “mergedDeliveryFunctions.php”.
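As an added example (not code from Legit Reviews or OpenX), the Python below shows how a defender could unwrap a blob obfuscated the way the post describes and flag zero-size iframes in the result. It assumes the layers are Base64 and zlib, raw deflate or gzip compression in any order; the sample payload, its URL and all function names are constructed for illustration.

```python
import base64, binascii, re, zlib

MAX_LAYERS = 20        # bound the loop on hostile input
MAX_OUT = 1 << 20      # cap each inflate step (decompression-bomb guard)
B64_RE = re.compile(rb"^[A-Za-z0-9+/=\s]{16,}$")
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.I)
ZERO_DIM_RE = re.compile(rb"""\b(?:width|height)\s*=\s*["']?0(?:px)?["']?(?=[\s>/])""", re.I)

def is_text(data):
    return all(b in (9, 10, 13) or 32 <= b < 127 for b in data)

def inflate(data):
    """Try zlib, raw deflate and gzip framing; None if no clean stream."""
    for wbits in (zlib.MAX_WBITS, -zlib.MAX_WBITS, zlib.MAX_WBITS | 16):
        d = zlib.decompressobj(wbits)
        try:
            out = d.decompress(data, MAX_OUT)
        except zlib.error:
            continue
        if d.eof and out:
            return out
    return None

def peel(blob):
    """Return (innermost bytes, layer names) for a nested encoded blob."""
    data, layers = blob.strip(), []
    for _ in range(MAX_LAYERS):
        if B64_RE.match(data):
            try:
                data = base64.b64decode(re.sub(rb"\s+", b"", data), validate=True)
            except binascii.Error:
                break
            layers.append("base64")
        elif not is_text(data) and (out := inflate(data)) is not None:
            data = out
            layers.append("inflate")
        else:
            break
    return data, layers

def hidden_iframes(html):
    """Opening iframe tags whose width and height attributes are both 0."""
    return [t.decode("latin-1") for t in IFRAME_RE.findall(html)
            if len(ZERO_DIM_RE.findall(t)) >= 2]

# Constructed sample: a harmless tag wrapped in two Base64+zlib rounds.
TAG = b'<iframe src="http://ads.example.invalid/x" width="0" height="0"></iframe>'
SAMPLE = base64.b64encode(zlib.compress(base64.b64encode(zlib.compress(TAG))))

if __name__ == "__main__":
    plain, layers = peel(SAMPLE)
    print(layers, hidden_iframes(plain))
```

The check only looks at width and height attributes; iframes hidden through inline CSS or script-set dimensions need additional rules.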