Trojan hides itself in RealMedia files

Trojan hides itself in RealMedia files


Next time you casually go to view a video file of the RealMedia variety (for example a .rm or .rmvb file) be aware that you may unwittingly be allowing a trojan onto your computer. A nasty that Symantec has dubbed Trojan.Realor when executed scans the computer for RealMedia files and inserts a hyperlink into them. When the infected files are viewed, the Real media player attempts to load an external webpage in the default browser.

The website then reportedly attempts to exploit a vulnerability in one of the browser's underlying components - MDAC, or Microsoft Data Access Components. The user may only notice a seemingly harmless error message, but behind the scenes a hidden IFRAME object is loading the malicious code.

If the exploit is successful, the trojan then searches for further RealMedia files into which to insert the hyperlink and the cycle continues. Fortunately the vulnerabilty mentioned here has already been addressed by Microsoft with the patch for Security Bulletin MS06-014, but that won't help any folks who haven't yet implemented said patch.

As always, users are urged to follow safe computing practices and exercise due caution. Symantec antivirus definitions dated November 17 or later will protect against this threat.