Thread

I learned first hand how some of these hackers work, our website, (Not an EE site) was hacked and they placed in the Ad code within the datase a bogus google-analytics urchin script. The bogus link went to google-anallytics with 2 - L’s.
http://google-anallytics.com/urchin.js
So they even created a domain to host their malicious scripts.
The script created an instance where when the ads loaded on a page clicking any link on the page would send you to the malicious site hosted in Kishinev, Chisinau—Russia or some Moldova location.
Of course they took Christmas weekend to launch such an exploit.
The resulting malware was nothing new a bogus virus scanner to download, and probably try and gain people’s CC #‘s.

Wow it was an eye-opening learning experience, and a reason to stay up to date with the latest softwares, our ad software is a few version old now.
I’m told it was an SQL injection attack by doing a query of some sort that gave them the free rein.
:(

What was the add software used?
Why I hate open (forgotten) source.

It was an old version of an .asp software AdMentor, I guess this was the second time it’s happened. The programmer is able to prevent future attacks once the exploit is identified, but a project like this one is sort of a dormant cause. As far as the open source community for this particular installation.