back to article Real Media attacks real people via RealPlayer

Hackers have rooted into a server owned by internet advertising network 24/7 Real Media and used it to serve malware-laced banner ads that tried to circumvent security mechanisms on end users' machines, Symantec researchers said. The malware exploited a previously unknown vulnerability in Real Player that was patched on Friday …


This topic is closed for new posts.
  1. Andy Worth

    Well, serves you right....

    That's what you get for having the "spyware" Realplayer installed.

  2. Sceptical Bastard

    Real shite and the Beeb

    This news item comes as no surprise to me.

    I have long avoided all Real Media software and - patched or unpatched - would never let Real Player near my machine, mainly because it is hopelessly buggy and inherently insecure (see El Reg passim) but also because it constantly tries to phone home and spy on me.

    Worryingly, the BBC's 'Listen Again' feature still requires users to download RP. As a licence payer, I strongly object to the Beeb pimping a flawed and insecure proprietary programme. It's not as if they warned users of the potential risk or offered security advice.

    Internet security is virtually a contradiction in terms nowadays, of course. But that still doesn't absolve public service providers from their responsibility to help safeguard users wherever possible. As far as I am concerned, advocating Real Media's products is an obvious dereliction of that duty of care.

  3. Pascal Monett Silver badge

    I quit RealPlayer eons ago

    They have already disgusted me once with their Big Brother tactics and pushy adware tendancies.

    I won't be installing that tripe again. I don't care how "good" it has become, or that this issue is independant of their will. RealMedia has proven itself to be run by crooks, and once a crook, always crooked in my book.

    As far as I'm concerned, RealMedia can shrivel up and die.

  4. Anonymous Coward
    Anonymous Coward

    A small correction.

    "People who use RealPlayer should download a patch, ...."

    No, people who use RealPlayer should just stop. The only thing to do with Real that they should be downloading is Real Aternative.

  5. Graham Jordan

    I'm with Andy

    Anyone stupid enough to have that crap installed deserves to be hit with spyware..

  6. Mats Koraeus
    Black Helicopters



    Shocking! And to think such a thing would happen even after Real cleaning up their act (for the n:th time)!


  7. Anonymous Coward
    Anonymous Coward

    Real Alternative?

    Which parts of Real Player were compromised and could this same vulnerability affect those using Real Alternative (which must use some parts of Real Player, right?)

  8. Anonymous Coward
    Paris Hilton

    No Paris Hilton angle? Dear Reg, how can this be?

    And also: fixed my system by uninstalling realplayer. Pity that some sites still require it for their vids and that streaming video on windows media player is so buggy (at least in my experience).

    I guess some people will think I deserve the PH icon just for saying that I hope all vids should be flash vids from now on. Most sites that use WMP or Real have let me down sooner or later. All those flash web2.0 thingies do work at least. And so far I did not have to upgrade flash each day.

  9. B Gracey

    Real Dumb?

    Okay, Real Networks, Real Media and RealPlayer aside, who actually wants to look at ads all day as they surf the web anyway?

    Seeing just a few people actually admit to it begs my next question: why are people not blocking it - all of it?

    Ask your friend who knows a little about computers if you do not - and get into a real browser with plugins to block JavaScript, ads, iframes, and pop-up windows... if your favourite website uses those things, at least you can get to the meat and potatoes more quickly, and (so it seems) have fewer intrusions into your already cluttered computing life. Play safe.

  10. Morely Dotes

    Host malware, go to... Cabo San Lucas

    "An IFrame contained in the tainted ads pointed to malicious code hosted on a server located in the Netherlands that has a history of attacking honeypot machines maintained by Symantec."

    A glaringly obvious question: Why have the legal authorities in the Netherlands not arrested that server's operator?

    Oh, wait, it's neither the UK nor the US, and he's not providing links to copyrighted shite, so the plods can't be buggered to get off their arses, can they?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021