"Security experts have been warning for months about mysterious attacks on OpenX installations in which the site owners discovered new rogue administrator accounts," Krebs writes. "That access allows miscreants to load tainted ads on sites that rely on the software. The bad ads usually try to foist malware on visitors, or frighten them into paying for bogus security software. OpenX is only now just starting to acknowledge the attacks, as more users are coming forward with unanswered questions about the mysteriously added administrator accounts."
Krebs says OpenX CTO Michael Todd hopes to roll out an official fix as soon as possible. In the interim, Todd has posted a list of steps for users to take to protect their systems. "What we’re going to do early next week -- on Monday or Tuesday -- is release a new version of OpenX for people to download as soon as possible," Todd said. "We’re taking an extra few days to make sure that this gets done correctly and that we’re doing all the testing we need to do before we push that out."