Hackers have rooted into a server owned by internet advertising network 24/7 Real Media and used it to serve malware-laced banner ads that tried to circumvent security mechanisms on end users' machines, Symantec researchers said. The malware exploited a previously unknown vulnerability in Real Player that was patched on Friday …
Well, serves you right....
That's what you get for having the "spyware" Realplayer installed.
Real shite and the Beeb
This news item comes as no surprise to me.
I have long avoided all Real Media software and - patched or unpatched - would never let Real Player near my machine, mainly because it is hopelessly buggy and inherently insecure (see El Reg passim) but also because it constantly tries to phone home and spy on me.
Worryingly, the BBC's 'Listen Again' feature still requires users to download RP. As a licence payer, I strongly object to the Beeb pimping a flawed and insecure proprietary programme. It's not as if they warned users of the potential risk or offered security advice.
Internet security is virtually a contradiction in terms nowadays, of course. But that still doesn't absolve public service providers from their responsibility to help safeguard users wherever possible. As far as I am concerned, advocating Real Media's products is an obvious dereliction of that duty of care.
I quit RealPlayer eons ago
They have already disgusted me once with their Big Brother tactics and pushy adware tendencies.
I won't be installing that tripe again. I don't care how "good" it has become, or that this issue is independent of their will. RealMedia has proven itself to be run by crooks, and once a crook, always crooked in my book.
As far as I'm concerned, RealMedia can shrivel up and die.
A small correction.
"People who use RealPlayer should download a patch, ...."
No, people who use RealPlayer should just stop. The only thing to do with Real that they should be downloading is Real Alternative.
I'm with Andy
Anyone stupid enough to have that crap installed deserves to be hit with spyware..
Shocking! And to think such a thing would happen even after Real cleaning up their act (for the n:th time)!
Which parts of Real Player were compromised and could this same vulnerability affect those using Real Alternative (which must use some parts of Real Player, right?)
No Paris Hilton angle? Dear Reg, how can this be?
And also: fixed my system by uninstalling realplayer. Pity that some sites still require it for their vids and that streaming video on windows media player is so buggy (at least in my experience).
I guess some people will think I deserve the PH icon just for saying that I hope all vids should be flash vids from now on. Most sites that use WMP or Real have let me down sooner or later. All those flash web2.0 thingies do work at least. And so far I did not have to upgrade flash each day.
Okay, Real Networks, Real Media and RealPlayer aside, who actually wants to look at ads all day as they surf the web anyway?
Seeing just a few people actually admit to it begs my next question: why are people not blocking it - all of it?
Host malware, go to... Cabo San Lucas
"An IFrame contained in the tainted ads pointed to malicious code hosted on a server located in the Netherlands that has a history of attacking honeypot machines maintained by Symantec."
A glaringly obvious question: Why have the legal authorities in the Netherlands not arrested that server's operator?
Oh, wait, it's neither the UK nor the US, and he's not providing links to copyrighted shite, so the plods can't be buggered to get off their arses, can they?