Revive Adserver (previously known as OpenX) is a free ad serving system that helps companies display ads on websites and collect information about users' reactions. However, no matter how experienced the team behind this advertising solution is, security experts have recently warned about several security flaws found in it. It seems that they can be easily used for malvertising and other malicious activities. To stay protected, use only the latest version of Revive Adserver (3.0.0 at the moment) and make sure you use a strong password for your administrator account.
Those who follow security will remember arguably the most widely publicized malvertising campaign, which involved the world's biggest newspaper website, The New York Times. To start spreading malware, the hackers presented themselves as a legitimate company and simply bought advertising space on the newspaper's site, where they placed their malicious ad. Of course, this trick was very primitive; in most cases attackers take over popular sites and then misuse them for malware distribution with the help of more sophisticated methods. It seems that one of these has recently been revealed by Antonin Hyza, who works for Avast.
According to an article posted on the Avast Blog, hackers can steal Revive Adserver administrator logins and passwords with the help of SQL injection. Once they have these details, they can exploit another flaw that lets them upload backdoors, which can be used for various purposes, such as controlling the server or providing an interface to the database. As a result, hackers are able to insert malicious JavaScript. Hyza says he found files containing a script that could connect to the database and either remove or add injected scripts. Once this is done, the website displays a banner that redirects visitors to a specific website, which checks the computer for vulnerable Java versions and infects it if possible.
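For operators who want to check whether banner HTML stored by their ad server has been tampered with in the way described above, the following added example (not code from the Avast article or from the Revive project) flags banners that load scripts or frames from hosts outside an allowlist. The banner rows and `ALLOWED_HOSTS` are constructed assumptions; exporting the real banner HTML from the database is left to the operator.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this ad server is expected to load scripts or frames from.
ALLOWED_HOSTS = {"ads.example.com", "cdn.example.com"}

class _ActiveContent(HTMLParser):
    """Collect <script>/<iframe> sources and note inline script blocks."""
    def __init__(self):
        super().__init__()
        self.refs = []            # (tag, src) pairs
        self.inline_script = False

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if src:
            self.refs.append((tag, src.strip()))
        elif tag == "script":
            self.inline_script = True

def audit_banner(banner_id, html):
    """Return (banner_id, reason) findings for one banner's stored HTML."""
    parser = _ActiveContent()
    parser.feed(html or "")
    parser.close()
    findings = []
    for tag, src in parser.refs:
        host = urlparse(src).hostname  # None for relative URLs, which are skipped
        if host and host not in ALLOWED_HOSTS:
            findings.append((banner_id, f"{tag} loads from unlisted host {host}"))
    if parser.inline_script:
        findings.append((banner_id, "inline <script> block, review by hand"))
    return findings

def audit_all(rows):
    """rows: iterable of (banner_id, html) exported from the ad server."""
    return [f for banner_id, html in rows for f in audit_banner(banner_id, html)]

# Constructed sample rows, not real banner data.
SAMPLE_BANNERS = [
    (1, '<a href="https://shop.example.com"><img src="https://cdn.example.com/b1.png"></a>'),
    (2, '<img src="https://cdn.example.com/b2.png"><script src="//redirect.example.net/j.js"></script>'),
    (3, '<iframe src="https://ads.example.com/f.html"></iframe><script>document.write("x")</script>'),
]

if __name__ == "__main__":
    for banner_id, reason in audit_all(SAMPLE_BANNERS):
        print(f"banner {banner_id}: {reason}")
```

Running the audit on a schedule and comparing findings against the previous run makes newly injected scripts stand out.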
It seems that the researcher has found more than one Revive Adserver (formerly OpenX) server that is vulnerable at the moment. To avoid unexpected infections, always make sure that your computer is protected by the latest versions of your anti-virus and anti-spyware software.