Malicious JavaScript in the wild

Dec 26, 2007 08:36 GMT

The Christmas malware everyone expected has arrived: JS_REALPLAY.J, a malicious JavaScript that targets Windows 2000 and Windows XP. It is served to visitors of websites compromised for the attack, and it attempts to exploit a vulnerability in RealPlayer "that causes a stack overflow and allows the download of possibly malicious files on the affected system," as security vendor Trend Micro noted.

According to the security notification, the following RealPlayer versions have been flagged as vulnerable to attacks: 6.0.10, 6.0.11, 6.0.12, 6.0.14, 6.0.14.536, 6.0.14.543, 6.0.14.544, 6.0.14.550 and 6.0.14.552.

Because the exploit only works on Windows 2000 and Windows XP, the script first fingerprints the visiting system: it identifies the operating system and looks for an Internet Explorer 6 or Internet Explorer 7 installation. "It also checks if RealPlayer is installed on the system and what version of the player is installed to determine the first few bytes of shell code that it writes on the affected system," Trend Micro noted. In other words, the script selects a version-specific shellcode prefix rather than firing a single payload blindly.
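The targeting gate described above, reconstructed as an added example for analysis purposes (this is not code from the article, from Trend Micro, or from the malware itself): it parses the operating system and Internet Explorer version out of a user-agent string, takes the RealPlayer version as reported by some page-side probe, and decides whether a visiting client falls inside the set the article describes. The user-agent strings are constructed, the regular expressions are an assumption about how such a check could be written, and the RealPlayer probe is deliberately left out; the only hard data taken from the article is the list of vulnerable builds, which is an exact set (6.0.13 is not on it), so membership is tested exactly rather than as a range.

```javascript
// Added example, not the article's or Trend Micro's code. The real
// JS_REALPLAY.J checks are not reproduced on the page; the regexes and the
// way the RealPlayer version reaches this function are assumptions.

// RealPlayer builds the article lists as vulnerable (exact set, not a range).
const VULNERABLE_REALPLAYER = new Set([
  "6.0.10", "6.0.11", "6.0.12", "6.0.14",
  "6.0.14.536", "6.0.14.543", "6.0.14.544", "6.0.14.550", "6.0.14.552",
]);

// Extract OS and Internet Explorer major version from a user-agent string.
// Windows 2000 identifies as "Windows NT 5.0", Windows XP as "Windows NT 5.1".
function fingerprint(userAgent) {
  const os = /Windows NT 5\.0/.test(userAgent) ? "Windows 2000"
           : /Windows NT 5\.1/.test(userAgent) ? "Windows XP"
           : null;
  const m = /MSIE (\d+)\.\d+/.exec(userAgent);
  const ie = m ? Number(m[1]) : null;
  return { os, ie };
}

// Decide whether a client is inside the target set the article describes.
// `realPlayerVersion` is whatever a page-side probe reported, or null when
// no RealPlayer is present; the probe itself is not part of this example.
function isTargeted(userAgent, realPlayerVersion) {
  const { os, ie } = fingerprint(userAgent);
  if (os === null) return { targeted: false, reason: "OS is not Windows 2000/XP" };
  if (ie !== 6 && ie !== 7) return { targeted: false, reason: "browser is not IE 6/7" };
  if (realPlayerVersion === null) return { targeted: false, reason: "RealPlayer absent" };
  if (!VULNERABLE_REALPLAYER.has(realPlayerVersion)) {
    return { targeted: false, reason: `RealPlayer ${realPlayerVersion} not in vulnerable set` };
  }
  return { targeted: true, reason: `${os}, IE ${ie}, RealPlayer ${realPlayerVersion}` };
}

// Constructed user-agent strings for illustration (not captured traffic).
const XP_IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)";
const W2K_IE7 = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.0)";
const VISTA_IE7 = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)";
const XP_FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11";

// Run the four constructed clients through the gate when executed directly.
if (typeof require !== "undefined" && require.main === module) {
  const cases = [[XP_IE6, "6.0.14.552"], [W2K_IE7, "6.0.13"], [VISTA_IE7, "6.0.14.552"], [XP_FIREFOX, "6.0.12"]];
  for (const [ua, rp] of cases) {
    console.log(ua, "->", JSON.stringify(isTargeted(ua, rp)));
  }
}
```

The order of the checks matters for analysis: a client on Windows Vista, a non-IE browser on XP, or an XP/IE machine running the unlisted 6.0.13 build all fall out before any version-specific shellcode would be chosen, which is why the article's "affects only Windows XP and Windows 2000" is a property of the script's gating as much as of the RealPlayer bug.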

Once exploitation succeeds, JS_REALPLAY.J moves to the payload stage: it connects to a malicious website and downloads a further file, detected by Trend Micro as PE_MUMAWOW.AO-O, which is dropped as an executable in the main Windows folder. "As a result, malicious routines of the downloaded file may be exhibited on the affected system," the security company added.

The script is not a threat to a patched RealPlayer, and up-to-date antivirus definitions should catch this particular sample. Note the order of those two defenses: signature detection only covers the variants the vendor has already seen, whereas patching the player closes the hole regardless of how the script is obfuscated. As always, avoid suspicious websites that may attempt to deliver the infection.

The latest RealPlayer release is also available for download from Softpedia.