The modified files have been hosted on the website since November 2012

Aug 6, 2013 15:07 GMT

OpenX users are warned that the OpenX download files hosted on OpenX.org until a few hours ago contain a backdoor that could allow cybercriminals to inject and execute arbitrary code on affected servers.

Heise Security reports that the openx-2.8.10.zip, the tgz and the bz2 archives contained the backdoor. OpenX representatives have told Heise that they’ve removed the compromised files.

However, it appears the malicious files have been on the website since November 2012, so a large number of users could have downloaded them.

Sucuri experts are also investigating the incident. They report that the backdoor is hidden inside the following file: /plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js
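For administrators who want to check an existing installation, the following shell script is an added example, not code from Sucuri, Heise or OpenX. It assumes the backdoor shows up as PHP code embedded in a JavaScript file, which the article itself does not state; the function names and status strings are illustrative.

```shell
#!/bin/sh
# Path named in the article, relative to the OpenX install root.
KNOWN_FILE="plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js"

# has_php_tag FILE: succeeds if FILE contains a PHP opening tag.
# Assumption: a .js file has no legitimate reason to contain "<?php",
# so its presence is treated as a sign of tampering.
has_php_tag() {
    LC_ALL=C grep -q -a -i -F '<?php' "$1"
}

# check_known_file ROOT: prints one of
#   absent     the file named in the article is not installed
#   php-found  the file exists and contains a PHP opening tag
#   no-php     the file exists and no PHP opening tag was found
check_known_file() {
    f="$1/$KNOWN_FILE"
    if [ ! -f "$f" ]; then
        echo absent
    elif has_php_tag "$f"; then
        echo php-found
    else
        echo no-php
    fi
}

# scan_js ROOT: prints every .js file under ROOT that contains a PHP
# opening tag, in case the same pattern is present in other files.
scan_js() {
    find "$1" -type f -name '*.js' \
        -exec grep -l -a -i -F '<?php' {} + 2>/dev/null | sort
}

# Stand-alone use: sh check_openx.sh /path/to/openx
if [ -n "${1:-}" ]; then
    echo "known file: $(check_known_file "$1")"
    echo "other .js files with PHP tags:"
    scan_js "$1"
fi
```

A `no-php` result only means this one pattern was not found; it does not show that the installation matches a clean release.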

This is not the first time OpenX has been compromised. Back in March 2012, OpenX ad servers were hijacked and abused to lure users to malware.

Last month, experts reported identifying several vulnerabilities in OpenX. These security holes have been fixed by the company.