Tucows is the latest victim of hackers, who exploit a recent OpenX vulnerability to push malicious code onto legit websites in the form of advertisements.
Malvertisements are ads riddled with malicious code, which either exploit vulnerabilities in outdated software to install malware or promote rogue applications (scareware).
According to a recent report from Web security vendor Dasient, as many as 1.6 million malvertisements are served on a daily basis to Web users.
During the past week, a number of high-profile websites, including The Pirate Bay, AfterDawn and eSarcasm, had their advertising operations compromised.
Researchers from ParetoLogic report that software download website Tucows is the latest addition to the list and was found serving a drive-by-download-type exploit from advertise.tucows.com.
The malicious code was being loaded from external domains registered to an address in Russia and was targeting the Microsoft Windows Help Center vulnerability patched earlier this year.
Successful exploitation led to a variant of the Bredolab trojan being installed on the victim's computer. This threat is known as a distribution platform for rogue antivirus programs.
Andy Walker, Tucows General Manager, confirmed for ParetoLogic that the incident was the result of hackers compromising the OpenX server used by the company to deliver ads.
"We detected the intrusion, patched the vulnerability in OpenX and resolved the issue quickly," the company representative noted.
OpenX is a popular open source platform, which allows webmasters to sell and serve ads without the need of signing up for third-party hosted services like Google AdSense.
Two days ago, the OpenX development team released version 2.8.7 of the application in order to patch the vulnerability that enabled this and the previously mentioned attacks.
"It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised.
"To avoid this issue, we recommend that all users immediately upgrade their systems to 2.8.7," the developers write in a post on the project's official blog.