Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/12/2013
06:16 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Besieged By Hackers, OpenX Will Close Open Ad Platform

Self-service ad platform proves indefensible when hackers come knocking.

OpenX, a digital and mobile ad company that has received more than $70 million in funding from several venture capital firms including Samsung Venture Investment Corporation, has decided to abandon OnRamp, its free, self-service ad platform, because it couldn't defend against hackers.

On Monday, the company said in a forum post that "OnRamp has been the subject of escalating hacker activity in recent months, culminating in a serious attack that occurred Saturday, February 9, 2013."

As a result of the attacks, the company suspended OnRamp, a service based on the company's open source ad-serving software, in order to conduct an investigation into the breach. The company said its paid services -- OpenX Enterprise and OpenX Market -- rely on a different code base and are unaffected. The company also said it could not predict when or whether it would restore OnRamp service.

On Tuesday, it became clear that OnRamp will not be revived. Characterizing the breach as "a serious malicious hacker intrusion," the company said in a follow-up forum post that the increased frequency of malicious hacking has made it virtually impossible to keep OnRamp secure "in an environment of increasingly sophisticated and powerful intrusions that exploit open source software."

[ Can hackers' power cause dead bodies to rise from the grave? See Zombie Alert Hoax: Emergency Broadcast System Hacked. ]

Malicious advertising, or malvertising, is not a new phenomenon, but it doesn't typically result in complete surrender.

However, recent vulnerabilities in Java have helped hackers distribute malware through ad networks. Security firm Trusteer last month published a report detailing how a malvertising campaign distributed Blackhole exploits kits through ads carried on the Clicksor network.

"Using Clicksor as the malvertising platform allows hackers to reach a very wide audience, while allowing the hacker to distribute the malware at a very low cost (starting at $0.50 per 1,000 impressions)," Trusteer said in a blog post. "Clicksor (and other legitimate online advertising services) has no idea, of course, that these legitimate looking, paid advertisements contain malware."

Exploit kits like Blackhole are regularly updated to include code that exploits newly discovered vulnerabilities. As a consequence, Internet users with vulnerable browsers may see their systems compromised when visiting Web pages that display ads carrying these exploit kits.

Ashkan Soltani, an independent security researcher who previously served as staff technologist at the Federal Trade Commission, observed in an email that malvertising appeals to hackers because it's a far more efficient way to distribute malware than trying to hack websites on an individual basis. He likened it to "poisoning the reservoir."

Soltani also questioned the notion that the openness of OnRamp's service doomed it. "Google's ad platform is an 'open system' where anyone can submit ads but we don't see anywhere near the amount of abuse," he said.

OpenX declined to comment beyond the forum posts it published. The company plans to reactivate OnRamp next Tuesday to allow customers to access and export their data, but not to serve ads. On Friday, March 22, 2013, at 5:00 p.m. Pacific Time, OnRamp will be shut down permanently.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/19/2013 | 7:32:59 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
That is a shame that they got great financial backing and couldnGt find or create defense mechanisms to ward off hackers. It also appears that real companies that are utilizing these resources are going to have to now find alternatives to advertise with. Do they also have any particular individuals and or groups that are responsible?

Paul Sprague
InformationWeek Contributor
DFPexpert
50%
50%
DFPexpert,
User Rank: Apprentice
3/9/2013 | 2:45:54 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
If a publisher decided to go for DFP Small Business, we are ready to help with setting up the Ad Server please send your requests to [email protected] or visit our website at www.adopsguys.com
AdServer
50%
50%
AdServer,
User Rank: Apprentice
5/14/2013 | 7:28:32 AM
re: Besieged By Hackers, OpenX Will Close Open Ad Platform
We have platform which is built on openX source / install version, runs smoothly with free of any attacks or exploits. We can assist you in setting up adnetwork, send your queries to [email protected] or visit our website at www.openxservices.com
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.