Still More Malicious Ads
About two months ago (OpenX Serving More Than Ads) I wrote about compromised ad servers silently connecting browsers to malware while users perused legitimate sites.
Out-of-date ad server software continues to be a problem. Here are some examples from last week...
The site soaps.sheknows.com uses OpenX to display an image linked to their Facebook page:
The site lovingyou.com has a large banner ad on its main page, which changes when the page is refreshed:
Lastly, here's a banner ad that appeared on indianexpress.com and expressindia.com, both of which use the same OpenX ad server (promo.expressindia.com):
This advertisement actually originates from doubleclick.net, but the ExpressIndia sites use OpenX to wrap the code that serves the ad. When the legitimate ad is injected, so is an invisible iframe that points to malware.
It's always important to keep your software up-to-date. This especially holds true for services running on publicly accessible servers. All of these examples are running OpenX version 2.8.1 (current version is 2.8.5; these sites are about 6 months behind.)
And, if you think that only ad servers hosted by smaller sites are to blame, think again. Even large advertising networks fall prey to Bad Guys who inject malicious content into ad streams. Over the past week, I've observed connections to malware sites that have originated from ads served on pages like nasdaq.com, nydailynews.com, and latimes.com.