An article posted today on Yahoo! Tech News details some recent hacks of popular websites running the widely used open-source ad server OpenX. Among the affected were King Features (a popular comics site), Ain’t it Cool News and Adobe.
The two-pronged hack combines two techniques common in spreading viruses these days: a “SQL injection” attack on the OpenX ad server, which essentially forces an entry into the ad database, followed by an “iFrame” attack, which loads a new page within the same window in your browser and lets the hacker fire a number of different pieces of code from the new “framed” page.
An iFrame attack can be avoided by using any decent anti-virus software to block the source; a “SQL injection”, however, is another matter. I’ve recommended that any of my clients using the OpenX software upgrade to the latest version and attempt to hide any publicly available database config info.
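As an added illustration (not code from the article or from OpenX), the following Python script uses an in-memory SQLite table as a stand-in for an ad server's banner table. It shows why input spliced into SQL text lets a crafted value change the meaning of the query while a parameterized query treats the same value as a plain string, and then sweeps the stored banner HTML for iframes that point off an allow-list of hosts or are hidden, the kind of planted entry the article describes. The table layout, the banner rows, the attacker.invalid host and the allowed-host set are all constructed for the example.

```python
import re
import sqlite3
from urllib.parse import urlparse


def make_db():
    """Constructed stand-in for an ad server's banner table (not OpenX's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE banners (id INTEGER PRIMARY KEY, name TEXT, html TEXT)")
    conn.execute(
        "INSERT INTO banners (name, html) VALUES (?, ?)",
        ("house ad", '<a href="https://example.com/offer"><img src="/img/offer.png"></a>'),
    )
    conn.commit()
    return conn


def find_banner_vulnerable(conn, name):
    # Defect by design: the caller's input is spliced into the SQL text, so a
    # quote or operator inside it becomes part of the query's logic.
    sql = "SELECT id, name FROM banners WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_banner_safe(conn, name):
    # Fix: bind the input as a parameter; the driver never parses it as SQL.
    return conn.execute("SELECT id, name FROM banners WHERE name = ?", (name,)).fetchall()


IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_ATTR = re.compile(r"""src\s*=\s*["']([^"']+)""", re.IGNORECASE)
HIDDEN = re.compile(r"""(?:width|height)\s*=\s*["']?0\b|display\s*:\s*none""", re.IGNORECASE)


def suspicious_banners(conn, allowed_hosts):
    """Flag banners whose stored HTML carries an iframe that points off the
    allowed hosts or is hidden (zero size / display:none).

    A heuristic sweep for an administrator, not an exhaustive parser."""
    hits = []
    for bid, name, html in conn.execute("SELECT id, name, html FROM banners"):
        for tag in IFRAME_TAG.findall(html):
            m = SRC_ATTR.search(tag)
            host = urlparse(m.group(1)).hostname if m else None
            if host not in allowed_hosts or HIDDEN.search(tag):
                hits.append((bid, name, host))
    return hits


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"  # textbook probe: closes the quote and adds a tautology
    print("vulnerable:", find_banner_vulnerable(conn, probe))  # every row comes back
    print("safe:      ", find_banner_safe(conn, probe))        # no banner has that exact name
    # Constructed example of a planted row; .invalid is a reserved, non-resolving TLD.
    conn.execute(
        "INSERT INTO banners (name, html) VALUES (?, ?)",
        ("injected", '<iframe src="http://attacker.invalid/x" width="0" height="0"></iframe>'),
    )
    print("suspicious:", suspicious_banners(conn, {"example.com"}))
```

Running the script prints the whole table from the concatenated query, nothing from the parameterized one, and a single flagged row from the sweep. The parameterized form is the fix for the first prong; the sweep gives an operator a quick way to spot the second prong in an ad database after the fact, which is what an anti-virus block at the visitor's browser cannot do for the site itself.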
Speaking as a person who’s used a SQL injection technique in a non-malicious way (as part of a plugin), the best route is always to make sure you keep your password hidden and up to date.