OpenX vulnerability leaves legit sites wide open to attack

An OpenX vulnerability is leaving legitimate and popular websites wide open to malware attacks, as attackers get into the nuts and bolts of the ad server and tinker with the advertising.

Tucows, the popular download site, confirmed that it was affected by the OpenX server vulnerability. “We detected the intrusion, patched the vulnerability in OpenX and resolved the issue quickly,” said general manager Andy Walker.

The malicious code is loaded from external domains. Once planted on a website, it delivers a downloadable exploit from the advertising servers, which puts the Bredolab trojan onto the visitor's computer.

OpenX is an open source service for plugging ads without having to sign up to pricey offerings like AdSense.

OpenX is warning webmasters to upgrade their systems to version 2.8.7, but some are having trouble: the worried are flocking to patch the vulnerability, which has left the OpenX page down. Other high-profile websites such as The Pirate Bay, AfterDawn and eSarcasm recently fell victim to the attacks, reports Softpedia.

So in the meantime, until OpenX is back up and running again it’s probably a good idea to be vigilant about which ads, if any, you click. Except ours of course. 

*EyeSee With a bit of cache hunting we found the patch for any worried webmasters. While the OpenX homepage is down, the server hosting the patch download is still up. And it’s here. (Zip file)