Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Malvertizing at tweetmeme.com?

December 28th 2009 in Uncategorized




Wayne Small, the owner of sbsfaq.com, called me today and asked me to look into a malvertizing incident that he experienced while at tweetmeme.com. You can see his report here.

I have not been able to reproduce the behavior that Wayne saw thus far, but do note that tweetmeme seems to be using OpenX.

There is a vulnerability in older versions of OpenX that may allow a remote attacker to gain administrator access to the adserver. It is strongly recommended that all users upgrade their systems to 2.8.3 which, apparently, fixes the problem. The download is available at http://www.openx.org/ad-server/download. Information about the OpenX hack can be found here.

A news report about an OpenX hack incident can be found here.

I cannot say that an OpenX vulnerability is definitely the cause of the problem that Wayne saw at tweetmeme, but it seems to be a likely candidate. The only ads that I am seeing at tweetmeme at this point in time are Google/Doubleclick advertisements. Google/Doubleclick are, more often than not, clean (although they have had problems in the past). I am not seeing any evidence of content being hosted on suspicious domains.
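
The check described above (which hosts a page pulls script and framed content from), as an added example that is not part of the original post. The expected-domain list, the function names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this site is expected to load active content from.
EXPECTED = {"tweetmeme.com", "doubleclick.net", "googlesyndication.com"}

# Elements that pull in script or framed content, and the attribute naming its URL.
SOURCES = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class ContentHosts(HTMLParser):
    """Collect (tag, host) for every externally sourced active element."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = SOURCES.get(tag)
        url = dict(attrs).get(attr) if attr else None
        # urlparse also handles protocol-relative URLs (//host/path);
        # relative URLs have no hostname and are same-origin, so skip them.
        host = urlparse(url).hostname if url else None
        if host:
            self.found.append((tag, host))


def is_expected(host, expected=EXPECTED):
    # Match the domain itself or a subdomain, never a bare string suffix.
    return any(host == d or host.endswith("." + d) for d in expected)


def unexpected_hosts(html, expected=EXPECTED):
    parser = ContentHosts()
    parser.feed(html)
    return sorted({(t, h) for t, h in parser.found if not is_expected(h, expected)})


# Constructed sample page (reserved .example names), not captured from any site.
SAMPLE = """<html><body>
<script src="http://ad.doubleclick.net/adj/site;sz=728x90"></script>
<script src="//pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<iframe src="http://ads.adserver.example/delivery/frame?zone=3"></iframe>
<script src="http://doubleclick.net.example/x.js"></script>
<script src="/js/site.js"></script>
</body></html>"""

if __name__ == "__main__":
    for tag, host in unexpected_hosts(SAMPLE):
        print(f"unexpected {tag} source: {host}")
```

A static pass like this sees only the first hop: ad scripts fetch further content at run time, so an empty result should be confirmed against a proxy or browser network log.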
