Vulnerabilities / Threats
2/12/2013
06:16 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Besieged By Hackers, OpenX Will Close Open Ad Platform

Self-service ad platform proves indefensible when hackers come knocking.

OpenX, a digital and mobile ad company that has received more than $70 million in funding from several venture capital firms including Samsung Venture Investment Corporation, has decided to abandon OnRamp, its free, self-service ad platform, because it couldn't defend against hackers.

On Monday, the company said in a forum post that "OnRamp has been the subject of escalating hacker activity in recent months, culminating in a serious attack that occurred Saturday, February 9, 2013."

As a result of the attacks, the company suspended OnRamp, a service based on the company's open source ad-serving software, in order to conduct an investigation into the breach. The company said its paid services -- OpenX Enterprise and OpenX Market -- rely on a different code base and are unaffected. The company also said it could not predict when or whether it would restore OnRamp service.

On Tuesday, it became clear that OnRamp will not be revived. Characterizing the breach as "a serious malicious hacker intrusion," the company said in a follow-up forum post that the increased frequency of malicious hacking has made it virtually impossible to keep OnRamp secure "in an environment of increasingly sophisticated and powerful intrusions that exploit open source software."

[ Can hackers' power cause dead bodies to rise from the grave? See Zombie Alert Hoax: Emergency Broadcast System Hacked. ]

Malicious advertising, or malvertising, is not a new phenomenon, but it doesn't typically result in complete surrender.

However, recent vulnerabilities in Java have helped hackers distribute malware through ad networks. Security firm Trusteer last month published a report detailing how a malvertising campaign distributed Blackhole exploits kits through ads carried on the Clicksor network.

"Using Clicksor as the malvertising platform allows hackers to reach a very wide audience, while allowing the hacker to distribute the malware at a very low cost (starting at $0.50 per 1,000 impressions)," Trusteer said in a blog post. "Clicksor (and other legitimate online advertising services) has no idea, of course, that these legitimate looking, paid advertisements contain malware."

Exploit kits like Blackhole are regularly updated to include code that exploits newly discovered vulnerabilities. As a consequence, Internet users with vulnerable browsers may see their systems compromised when visiting Web pages that display ads carrying these exploit kits.

Ashkan Soltani, an independent security researcher who previously served as staff technologist at the Federal Trade Commission, observed in an email that malvertising appeals to hackers because it's a far more efficient way to distribute malware than trying to hack websites on an individual basis. He likened it to "poisoning the reservoir."

Soltani also questioned the notion that the openness of OnRamp's service doomed it. "Google's ad platform is an 'open system' where anyone can submit ads but we don't see anywhere near the amount of abuse," he said.

OpenX declined to comment beyond the forum posts it published. The company plans to reactivate OnRamp next Tuesday to allow customers to access and export their data, but not to serve ads. On Friday, March 22, 2013, at 5:00 p.m. Pacific Time, OnRamp will be shut down permanently.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AdServer
50%
50%
AdServer,
User Rank: Apprentice
5/14/2013 | 7:28:32 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
We have platform which is built on openX source / install version, runs smoothly with free of any attacks or exploits. We can assist you in setting up adnetwork, send your queries to info@openxservices.com or visit our website at www.openxservices.com
DFPexpert
50%
50%
DFPexpert,
User Rank: Apprentice
3/9/2013 | 2:45:54 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
If a publisher decided to go for DFP Small Business, we are ready to help with setting up the Ad Server please send your requests to info@adopsguys.com or visit our website at www.adopsguys.com
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/19/2013 | 7:32:59 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
That is a shame that they got great financial backing and couldnG«÷t find or create defense mechanisms to ward off hackers. It also appears that real companies that are utilizing these resources are going to have to now find alternatives to advertise with. Do they also have any particular individuals and or groups that are responsible?

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report