Hackers Hit OpenX Ad Server in Adobe Attack

by benny on December 24, 2009

Hackers exploited vulnerabilities in open source advertising software to insert malicious code into ads on many popular Web sites last week. The attackers take advantage of a couple of bugs in the OpenX advertising software to gain access to OpenX ad servers and then insert malicious code into the ads served on the sites. On Monday, cartoon syndicator King Features said it had been hacked last week because of bugs in OpenX. The company's Comics United product, which offers comics and ads on about 50 sites, was hit.
After being informed of the problem Thursday morning, King Features found that, through a security exploit in the ad server application, “attackers injected malicious code into our database of ads,” the company said in a statement published on its website. King Features said that the malicious code used a new, unpatched Adobe attack to install malicious software on victims’ machines, but that could not be verified.

Another OpenX user, the Ain’t It Cool News Web site, was hit with a similar attack last week.

Web attacks are a favored way for cyber criminals to install malware, and this latest round of hacks shows how ad server networks can be useful conduits for attack. In September, thieves put malicious software on the website of the New York Times by posing as legitimate buyers of advertising.

The same technique that worked on King Features and Ain’t It Cool News was used to break into at least two Web sites last week, according to an OpenX administrator, who requested anonymity because he was not authorized to speak to the press.

The attackers used one exploit to obtain access rights to the server, then uploaded an image containing a malicious PHP script hidden inside it, he said. By viewing the image, the attackers forced the script to execute on the server. The script then appended a snippet of HTML to each ad on the server. Known as an IFRAME, this invisible HTML object redirected visitors to a website in China that downloaded the Adobe attack code.
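Both artifacts the administrator describes, an uploaded image carrying PHP code and an invisible IFRAME appended to ad markup, can be checked for on an ad server. The following is an added example, not code from the article or from OpenX; the function names are hypothetical, and the sample uploads, ad snippets and `.example` hosts are constructed.

```python
import re
from html.parser import HTMLParser

IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF8")  # JPEG, PNG, GIF
PHP_TAG = re.compile(rb"<\?(php|=)", re.I)  # heuristic: can also match random binary data

def image_with_php(data):
    """True if the bytes start like an image yet contain a PHP open tag."""
    return data.startswith(IMAGE_MAGIC) and bool(PHP_TAG.search(data))

class IframeFinder(HTMLParser):
    """Collects the src of every iframe that is sized or styled to be invisible."""
    def __init__(self):
        super().__init__()
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tiny or "display:none" in style or "visibility:hidden" in style:
            self.hidden.append(a.get("src", ""))

def hidden_iframes(ad_html):
    finder = IframeFinder()
    finder.feed(ad_html)
    return finder.hidden

# Constructed sample data standing in for the upload directory and the ad database.
SAMPLE_UPLOADS = {
    "banner_ok.gif": b"GIF89a" + b"\x00" * 16,
    "banner_bad.gif": b"GIF89a" + b"\x00" * 16 + b"<?php /* placeholder */ ?>",
}
SAMPLE_ADS = {
    1: '<a href="https://ads.example/c?1"><img src="https://ads.example/b1.gif"></a>',
    2: '<a href="https://ads.example/c?2"><img src="https://ads.example/b2.gif"></a>'
       '<iframe src="http://redirect.example/x" width="1" height="1"'
       ' style="visibility: hidden"></iframe>',
}

def audit(uploads, ads):
    """Return (suspicious upload names, {ad id: hidden iframe sources})."""
    bad_files = sorted(name for name, data in uploads.items() if image_with_php(data))
    found = {ad_id: hidden_iframes(html) for ad_id, html in ads.items()}
    return bad_files, {ad_id: srcs for ad_id, srcs in found.items() if srcs}

if __name__ == "__main__":
    print(audit(SAMPLE_UPLOADS, SAMPLE_ADS))
```

A hit from either check is a reason to compare the stored ad markup against a known-good copy, since the article describes the snippet being attached to every ad on the server.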

OpenX said it knew of “no serious vulnerability associated with the current version – 2.8.2 – in any form, downloaded or stored,” in an e-mailed statement.

At least one OpenX user believes that the current version of the product may be vulnerable to part of this attack, though. In a forum post, one user said he had been hacked while running a previous version, but that the current (2.8.2) version is also vulnerable. “If you run an unmodified version of OpenX today, you can access the site anonymously and director-level value of the control system,” he writes.

More details on the OpenX hack can be found here.

When researchers at Praetorian Security Group studied the Adobe attack, they found it did not exploit the unpatched Adobe bug, said Daniel Kennedy, a partner at the security consulting firm. Instead, the attack used a range of three different Adobe exploits, he said. “We see that there are 0 days of patch testing by Adobe in January.”
Security experts say the Adobe flaw has not been widely used in online attacks, even though it has been publicly disclosed. On Monday, Symantec said it had received fewer than 100 reports of the attack.

This may be because many people are still running old versions of Acrobat Reader, which are vulnerable to other attacks. Adobe Reader has been a favorite target since a similar bug appeared in February. Adobe patched the problem in March, but users can avoid this attack and the current issue simply by disabling JavaScript in their Adobe Reader software.

“Everyone should have changed their behavior in Adobe Reader,” said Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham. “Nobody’s reader should be running JavaScript.”
