Almost a week back, Cleartrip’s ad server was hacked and was serving malicious code. However, Cleartrip was informed of the breach immediately and fixed it right away.
Cleartrip uses OpenX to serve ads on its site. According to Websense, the attackers appear to have gained control of the website’s ad system, since the malicious code was confined to and served from that area only.
In Cleartrip’s case, the local ads were served by cleartrip.com itself and not by any third party. With unauthorized access to the OpenX advertising component on the website, the attackers succeeded in sabotaging the ads and injecting them with malicious code.
- Importantly, the redirector did not redirect directly to the exploit website, but to a Traffic Direction System, which redirects to the exploit website if the visiting browser fulfills certain conditions.
More details at Websense.