Video Screencast Help
Security Response

Trojan Gets Real

Created: 17 Nov 2006 08:00:00 GMT • Updated: 23 Jan 2014 18:55:09 GMT
Symantec Security Response's picture
0 0 Votes
Login to vote

The next time you open and view a video file of the RealMedia variety (for example, an .rm or .rmvb file), be aware that you may unwittingly be allowing a Trojan to execute on your computer. When executed, a nasty threat that Symantec has dubbed Trojan.Realor scans the computer for RealMedia files and inserts a hyperlink into them. When the infected files are opened, the RealMedia player attempts to load an external Web page in the computer's default browser.

The Web site (unavailable at the time of this writing) reportedly attempts to exploit a vulnerability in one of the browser's underlying components – Microsoft Data Access Components, or "MDAC" for short. The user may only notice a seemingly harmless error message, but behind the scenes a hidden IFRAME object is loading the malicious code.

If the exploit is successful, theTrojan then searches for further RealMedia files, into which it will attempt to insert the hyperlink, and so the cycle continues. Fortunately, the vulnerabilty mentioned here has already been addressed by Microsoft with the patch for Security Bulletin MS06-014, but that won't help any folks who haven't yet implemented the said patch. As always, users are urged to follow safe computing practices and exercise due caution. Symantec's antivirus definitions that are dated November 17 or later will protect against this threat.