If you installed the OpenX ad server in the past nine months, there's a chance hackers have a backdoor that gives them administrative control over your Web server, in many cases including passwords stored in databases, security researchers warned.
The hidden code in the open-source ad software was discovered by a reader of Heise Online, a well-known German tech news site, and it has since been confirmed by researchers from Sucuri. It has gone undetected since November and allows attackers to execute any PHP code of their choice on sites running a vulnerable OpenX version.
Coca-Cola, Bloomberg, Samsung, CBS Interactive, and eHarmony are just a small sampling of companies the OpenX website lists as customers. The software company, which also sells a proprietary version of the software, has raised more than $75 million in venture capital as of February 2013.