Monday, December 28, 2009

Hackers Hit OpenX Ad Server in Adobe Attack

Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week.

The attackers are taking advantage of a pair of bugs in the OpenX advertising software to login to advertising servers and then place malicious code on ads being served on the sites. On Monday, cartoon syndicator King Features said that it had been hacked last week, because of the OpenX bugs. The company's Comics Kingdom product, which delivers comics and ads to about 50 Web sites, was affected.

After being notified of the problem Thursday morning, King Features determined that "through a security exploit in the ad server application, hackers had injected a malicious code into our ad database," the company said in a note posted to its Web site. King Features said that the malicious code used a new, unpatched Adobe attack to install malicious software on victims' computers, but that could not immediately be verified.

Another OpenX user, the Ain't It Cool News Web site was reportedly hit with a similar attack last week.

Web based attacks are a favorite way for cyber-criminals to install their malicious software and this latest round of hacks shows how ad server networks can become useful conduits for attack. In September, scammers placed malicious software on The New York Times' Web site by posing as legitimate ad buyers. pcworld

No comments:

Post a Comment