Malvertizing at tweetmeme.com?
Wayne Small, the owner of sbsfaq.com, called me today and asked me to look into a malvertizing incident that he experienced while at tweetmeme.com. You can see his report here.
I have not been able to reproduce the behavior that Wayne saw thus far, but I do note that tweetmeme seems to be using OpenX.
There is a vulnerability in older versions of OpenX that may allow a remote attacker to gain administrator access to the ad server. It is strongly recommended that all users upgrade their systems to 2.8.3, which apparently fixes the problem. The download is available at http://www.openx.org/ad-server/download. Information about the OpenX hack can be found here.
A news report about an OpenX hack incident can be found here.
I cannot say that an OpenX vulnerability is definitely the cause of the problem that Wayne saw at tweetmeme, but it seems to be a likely candidate. The only ads that I am seeing at tweetmeme at this point in time are Google/Doubleclick advertisements. Google/Doubleclick are, more often than not, clean (although they have had problems in the past). I am not seeing any evidence of content being hosted on suspicious domains.