Vulnerabilities / Threats
06:16 PM
Connect Directly

Besieged By Hackers, OpenX Will Close Open Ad Platform

Self-service ad platform proves indefensible when hackers come knocking.

OpenX, a digital and mobile ad company that has received more than $70 million in funding from several venture capital firms including Samsung Venture Investment Corporation, has decided to abandon OnRamp, its free, self-service ad platform, because it couldn't defend against hackers.

On Monday, the company said in a forum post that "OnRamp has been the subject of escalating hacker activity in recent months, culminating in a serious attack that occurred Saturday, February 9, 2013."

As a result of the attacks, the company suspended OnRamp, a service based on the company's open source ad-serving software, in order to conduct an investigation into the breach. The company said its paid services -- OpenX Enterprise and OpenX Market -- rely on a different code base and are unaffected. The company also said it could not predict when or whether it would restore OnRamp service.

On Tuesday, it became clear that OnRamp will not be revived. Characterizing the breach as "a serious malicious hacker intrusion," the company said in a follow-up forum post that the increased frequency of malicious hacking has made it virtually impossible to keep OnRamp secure "in an environment of increasingly sophisticated and powerful intrusions that exploit open source software."

[ Can hackers' power cause dead bodies to rise from the grave? See Zombie Alert Hoax: Emergency Broadcast System Hacked. ]

Malicious advertising, or malvertising, is not a new phenomenon, but it doesn't typically result in complete surrender.

However, recent vulnerabilities in Java have helped hackers distribute malware through ad networks. Security firm Trusteer last month published a report detailing how a malvertising campaign distributed Blackhole exploits kits through ads carried on the Clicksor network.

"Using Clicksor as the malvertising platform allows hackers to reach a very wide audience, while allowing the hacker to distribute the malware at a very low cost (starting at $0.50 per 1,000 impressions)," Trusteer said in a blog post. "Clicksor (and other legitimate online advertising services) has no idea, of course, that these legitimate looking, paid advertisements contain malware."

Exploit kits like Blackhole are regularly updated to include code that exploits newly discovered vulnerabilities. As a consequence, Internet users with vulnerable browsers may see their systems compromised when visiting Web pages that display ads carrying these exploit kits.

Ashkan Soltani, an independent security researcher who previously served as staff technologist at the Federal Trade Commission, observed in an email that malvertising appeals to hackers because it's a far more efficient way to distribute malware than trying to hack websites on an individual basis. He likened it to "poisoning the reservoir."

Soltani also questioned the notion that the openness of OnRamp's service doomed it. "Google's ad platform is an 'open system' where anyone can submit ads but we don't see anywhere near the amount of abuse," he said.

OpenX declined to comment beyond the forum posts it published. The company plans to reactivate OnRamp next Tuesday to allow customers to access and export their data, but not to serve ads. On Friday, March 22, 2013, at 5:00 p.m. Pacific Time, OnRamp will be shut down permanently.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
5/14/2013 | 7:28:32 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
We have platform which is built on openX source / install version, runs smoothly with free of any attacks or exploits. We can assist you in setting up adnetwork, send your queries to or visit our website at
User Rank: Apprentice
3/9/2013 | 2:45:54 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
If a publisher decided to go for DFP Small Business, we are ready to help with setting up the Ad Server please send your requests to or visit our website at
User Rank: Ninja
2/19/2013 | 7:32:59 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
That is a shame that they got great financial backing and couldnGÇÖt find or create defense mechanisms to ward off hackers. It also appears that real companies that are utilizing these resources are going to have to now find alternatives to advertise with. Do they also have any particular individuals and or groups that are responsible?

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Published: 2015-10-09
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

Published: 2015-10-09
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.

Published: 2015-10-09
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.