Reply to: CUK May have yet another virus

That had me wondering too.

Perhaps they are hoping you will reinstall an ancient version you have lying around on disk?

They could have been lying of course...

... or trying to point you at a dodgy version of Java to download

I'd say the amateur hour is also on the code writer - since the malicious code seems to want to uninstall the environment it needs to run!!

Java code wanting to uninstall Java Runtime??

Thanks Nick.
Think I'd better run a full scan when I get back.
I think I'd better review my antivirus provision as well. Any suggestions?

http://forums.contractoruk.com/gener...ml#post1542064

Seems like it's primarily aimed at getting scareware on to systems: OpenX ads leading to malware c/o ‘BlackAdvertsPro’ | Naked Security

Do you know what the virus is and what it does? Think I may have been hit by it last night and wondering if I'm fewked.

How so? Did I miss something?

Just disable the antivirus.

I do hope Admin ups their rep power ang gives that -ve.

On the other hand only a few more days of putting up with MF.

It's not the price but that it is hosted by them and as you said, they haven't been too hot in protecting themselves. Also this isn't a huge site and the hosted solution would be overkill for us. I am quite capable of hosting the thing, backing it up and working the interface without some grinning permie explaining to me how to use it. I just need the thing to be secure and to be told if / when there are patches or updates that need applying.

It's a bit of an moment trying to look at their site with Javascript disabled

And no, I don't feel inclined to switch JS on to see them, just in case there is still a nasty lurking.

I thought I'd go take a look at openx to see how expensive the non-opensource version is.

I don't think their site is intended to be viewed using adblock plus , however, given the malicious trojans that they seem to be bad at protecting themselves against then I'm not going to unblock their ad's to see. Ho hum.

It's like ******* amateur hour on here. Come on Ad, sort your tulip out.

Cheers guys, yes looks to be the same beasty as last week. OpenX (ad manager) released a new patch yesterday:
OpenX Blog » OpenX Source 2.8.9 Security Release

Last time there was an upgrade released they emailed me on the three different addresses I have signed up to their mailing list, but this time nothing. Couple that with the source of the infection last week being a hack on their own site (OpenX CSRF Vulnerability Being Actively Exploited | InfosecStuff) then it does not leave me overly impressed with them but there is nothing else out there that I can find that gives me the functionality I would like (and no, dropping Trojans on you all is not the functionality I am looking for).

Yes we did also have another hack a month or so ago but this was not the ad manager, it was vBulletin (the forum software) to blame...

Can't remember the time before that but was about a year ago I think and I was able to catch that one pretty quickly but this year there does seem to be a raft of them.

Do shoot me a PM if you spot anything like this as that goes to my email as well as the forum pop up so will spot things much quicker.

I have cleaned up the source of the infection (JavaScript injection into the prepend field of all rows in the banner table, so not just the new banner that was infected) and then upgraded to the new version. That will have stopped the point of infection and should also stop us being open to the same attack again. Will be voicing my annoyance with OpenX for not emailing their users but as the system is Open Source and they want us to use their paid service then I doubt they will have much sympathy...

I have to use it or the Daily Wail site becomes unuseable. Honest guv.