OpenX hack: Beware of Personal Shield Pro

I just got a message from the folks at GMO cloud and Armorize about a new attack they're monitoring. Here are the raw details as I received them:

As the result of a joint effort between GMO cloud and Armorize, Wayne Huang and GMO Cloud spokesperson Emiko Okamoto, are releasing the attached blog post detailing a newly identified anti-virus attack. This ransomeware is known as Personal Shield Pro.

Additional details:

--Impact: Visitors to infected websites are infected permanently with the fake antivirus ransomware "Personal Shield Pro."

--Cause: Vulnerability inside a plugin package offered on the official OpenX website openx.org.

--Exploit pack: The g01pack exploit pack.

--Attack group: Internally we dub it the "dyndns" group, who was responsible for multiple Clicksor incidents that we reported in May, as well as other types of Web malware injection incidents tracing much further back.

--For further information, please see this video: http://www.youtube.com/watch?v=MeyCTBlI81w&feature=player_embedded

--There are a number of US sites and international sites infected but the total magnitude is unknown.

I'm told their blog post will appear sometime this afternoon, complete with screen captures and other graphics.

--Bill Brenner

Copyright © 2011 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.