Vulnerabilities / Threats
2/12/2013
06:16 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Besieged By Hackers, OpenX Will Close Open Ad Platform

Self-service ad platform proves indefensible when hackers come knocking.

OpenX, a digital and mobile ad company that has received more than $70 million in funding from several venture capital firms including Samsung Venture Investment Corporation, has decided to abandon OnRamp, its free, self-service ad platform, because it couldn't defend against hackers.

On Monday, the company said in a forum post that "OnRamp has been the subject of escalating hacker activity in recent months, culminating in a serious attack that occurred Saturday, February 9, 2013."

As a result of the attacks, the company suspended OnRamp, a service based on the company's open source ad-serving software, in order to conduct an investigation into the breach. The company said its paid services -- OpenX Enterprise and OpenX Market -- rely on a different code base and are unaffected. The company also said it could not predict when or whether it would restore OnRamp service.

On Tuesday, it became clear that OnRamp will not be revived. Characterizing the breach as "a serious malicious hacker intrusion," the company said in a follow-up forum post that the increased frequency of malicious hacking has made it virtually impossible to keep OnRamp secure "in an environment of increasingly sophisticated and powerful intrusions that exploit open source software."

[ Can hackers' power cause dead bodies to rise from the grave? See Zombie Alert Hoax: Emergency Broadcast System Hacked. ]

Malicious advertising, or malvertising, is not a new phenomenon, but it doesn't typically result in complete surrender.

However, recent vulnerabilities in Java have helped hackers distribute malware through ad networks. Security firm Trusteer last month published a report detailing how a malvertising campaign distributed Blackhole exploits kits through ads carried on the Clicksor network.

"Using Clicksor as the malvertising platform allows hackers to reach a very wide audience, while allowing the hacker to distribute the malware at a very low cost (starting at $0.50 per 1,000 impressions)," Trusteer said in a blog post. "Clicksor (and other legitimate online advertising services) has no idea, of course, that these legitimate looking, paid advertisements contain malware."

Exploit kits like Blackhole are regularly updated to include code that exploits newly discovered vulnerabilities. As a consequence, Internet users with vulnerable browsers may see their systems compromised when visiting Web pages that display ads carrying these exploit kits.

Ashkan Soltani, an independent security researcher who previously served as staff technologist at the Federal Trade Commission, observed in an email that malvertising appeals to hackers because it's a far more efficient way to distribute malware than trying to hack websites on an individual basis. He likened it to "poisoning the reservoir."

Soltani also questioned the notion that the openness of OnRamp's service doomed it. "Google's ad platform is an 'open system' where anyone can submit ads but we don't see anywhere near the amount of abuse," he said.

OpenX declined to comment beyond the forum posts it published. The company plans to reactivate OnRamp next Tuesday to allow customers to access and export their data, but not to serve ads. On Friday, March 22, 2013, at 5:00 p.m. Pacific Time, OnRamp will be shut down permanently.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AdServer
50%
50%
AdServer,
User Rank: Apprentice
5/14/2013 | 7:28:32 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
We have platform which is built on openX source / install version, runs smoothly with free of any attacks or exploits. We can assist you in setting up adnetwork, send your queries to info@openxservices.com or visit our website at www.openxservices.com
DFPexpert
50%
50%
DFPexpert,
User Rank: Apprentice
3/9/2013 | 2:45:54 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
If a publisher decided to go for DFP Small Business, we are ready to help with setting up the Ad Server please send your requests to info@adopsguys.com or visit our website at www.adopsguys.com
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/19/2013 | 7:32:59 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
That is a shame that they got great financial backing and couldnG«÷t find or create defense mechanisms to ward off hackers. It also appears that real companies that are utilizing these resources are going to have to now find alternatives to advertise with. Do they also have any particular individuals and or groups that are responsible?

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6196
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSp...

CVE-2014-7247
Published: 2014-11-25
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?