“Looking through yesterday's logs, there were 12 sites compromised this way,” Van Der Horst said.
OpenX announced in December that a remote vulnerability exists in version 2.8.2 of its software and provided an update to fix the issue. All affected sites except the Italian iPhone site were running this vulnerable version, Blue Coat researchers said.
They believe the Italian iPhone site, currently using the latest version of OpenX, was likely also compromised while running a previous version, and that the attacker's code was not cleaned up during the update process. Another scenario is that there is a new, undiscovered vulnerability in OpenX 2.8.5, the latest version of the ad server.
A spokesperson for OpenX did not respond to a request for comment made by SCMagazineUS.com on Friday.
The malicious PDFs used in the attacks are detected by most traditional anti-virus scanners, Chris Larsen, senior malware researcher at Blue Coat, told SCMagazineUS.com on Friday. In addition, having an up-to-date version of Adobe Reader should protect users.
The victim sites are likely still infected and will continue to send traffic to the malware network until they're cleaned up by their administrators, Larsen said. A typical website today has many different components, making it hard for webmasters to keep track of everything.