The two prong hack features two common techniques in releasing viruses these days: a “SQL injection” attack to the OpenX ad server which essentially forces an entry into the ad database, followed by a “iFrame” attack which loads a new page within the same window in your browser, enabling the hacker to fire a number of different pieces of code from the new “framed” page.

An iFrame attack can be avoided by using any decent anti-virus software to block the source, however a “SQL injection” is another matter. I’ve recommended that any of my clients using the OpenX software upgrade to the latest version and attempt to hide any publicly available database config info.

Speaking as a person who’s used a SQL Injection technique in a non-malicious way (as part of a plugin), the best route is to always make sure you keep your password hidden and up-to-date.