Can it be that Revive Adserver is vulnerable?

Revive Adserver (previously known as OpenX) is a free ad serving system that helps companies display ads on websites and collect information about users' reactions to them. However, no matter how experienced the team behind this advertising solution is, security experts have recently warned about several security flaws that were spotted in it. It seems that they can easily be used for malvertising and other malicious activities. If you want to stay protected, use only the latest version of Revive Adserver (3.0.0 at the moment) and make sure you use a strong password for your administrator account.

Those who are interested in security will remember what was probably the most high-profile malvertising campaign, which involved the world's biggest newspaper website, The New York Times. Seeking to carry out their plan and start spreading malware, the hackers presented themselves as a legitimate company and simply bought advertising space on the newspaper's site, where they placed their malicious ad. Of course, this trick was very primitive; in most cases attackers take over popular sites and then misuse them to distribute malware with the help of more sophisticated methods. It seems that one of these has recently been revealed by Antonin Hyza, who works for Avast.

According to an article posted on the Avast Blog, hackers can steal Revive Adserver administrator logins and passwords with the help of SQL injection. Once they have these details, they can exploit another flaw and gain the ability to upload backdoors that can be used for various purposes, such as controlling the server or providing an interface to the database. As a result, hackers gain the ability to insert malicious JavaScript. As Hyza claims, he managed to find files containing a script that could connect to the database and either remove or add injected scripts. Once this is done, the website displays a banner that redirects visitors to a specific website, which checks the computer for vulnerable Java versions and infects it if possible.
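For ad server operators, one way to check for the kind of script injection described above is to audit the ad markup stored in the database for active content loaded from unexpected hosts. The following is an added example, not code from Avast or the Revive Adserver project; the allowlist, the row layout and the field labels are assumptions, and the sample rows are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist of hosts your ad markup is expected to load from.
ALLOWED_HOSTS = {"ads.example.com", "cdn.example.com"}

class ActiveContentCollector(HTMLParser):
    """Records tags that load or execute remote content, plus inline scripts."""
    WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.remote = []          # (tag, url) pairs
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)   # tag names arrive lowercased
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if url:
            self.remote.append((tag, url))
        elif tag == "script":
            self.inline_scripts += 1

def audit_rows(rows, allowed=ALLOWED_HOSTS):
    """Return (row_id, field, tag, host) for every item needing review."""
    findings = []
    for row_id, field, markup in rows:
        parser = ActiveContentCollector()
        parser.feed(markup or "")
        parser.close()
        for tag, url in parser.remote:
            # urlparse also handles protocol-relative URLs such as //host/x.js
            host = (urlparse(url).hostname or "").lower()
            if host and host not in allowed:
                findings.append((row_id, field, tag, host))
        if parser.inline_scripts:
            findings.append((row_id, field, "script", "<inline>"))
    return findings

# Constructed sample export; the field labels are hypothetical, not a real schema.
SAMPLE_ROWS = [
    (1, "banner.html", '<a href="https://shop.example.com"><img src="https://cdn.example.com/a.png"></a>'),
    (2, "zone.append", '<script src="//unknown-host.invalid/c.js"></script>'),
    (3, "banner.html", '<SCRIPT>document.write("x")</SCRIPT>'),
    (4, "zone.prepend", '<iframe src="https://ads.example.com/f.html" width="1"></iframe>'),
]

if __name__ == "__main__":
    for finding in audit_rows(SAMPLE_ROWS):
        print(finding)
```

Inline scripts are reported for manual review rather than treated as malicious, since legitimate HTML banners may contain them.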

It seems that the researcher has found more than one Revive Adserver (formerly OpenX) server that is vulnerable at the moment. In order to avoid unexpected infections, you should always make sure that your computer is protected by the latest versions of anti-virus and anti-spyware software.

Source: blog.avast.com






