Report: RealPlayer Under Attack

LOS ANGELES – Security experts are warning of a massive and coordinated attack by Chinese hackers currently underway that uses malicious code to exploit a serious vulnerability in the RealPlayer platform.

While RealPlayer is not as widely used on adult entertainment websites as are other video technologies, such as Windows Media Player and Adobe’s Flash Video, the attack is still cause for concern amongst website operators.

The vulnerability was reported by security expert Evgeny Legerov of GLEG Ltd., and according to SANS’ Scott Fendley involves “JavaScript obfuscations, multiple I-frame redirectors to and from internal pages, and scripts within the domains.”

An unspecified error that can cause a buffer overflow in the handling of playlist names is blamed for the vulnerability, which can allow remote hackers to execute arbitrary code; inflict denial of service attacks; or even completely control affected systems.

There is currently no reported remedy for this vulnerability other than limiting user’s multimedia playback to systems other than RealPlayer.

According to SANS, the attacks are coming from files named 0.js and r.htm, and hosted on the uc8010.com, ucmal.com and rnmb.net domains; although files and domains are subject to change as the problem is being pursued.

Blocking these domains is highly recommended, as is removing the RealPlayer software.

“The campaign's success entirely relies on the eventual presence of RealPlayer on the infected machine,” Dancho Danchev, an Internet security consultant, said.

According to SANS, the embedded exploits are turning up on social networking sites such as MySpace and have compromised numerous websites, including governmental and educational sites, as well as the website of security software vendor CA.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Clip Page Launches 'Creator Analytics' Feature

Custom content marketplace Clip Page has launched the Creator Analytics feature on its platform.

BBWXXXAdventures Relaunches Through Grooby's Blue.xxx

Paysite BBWXXXAdventures has relaunched under Grooby's new website management company Blue.xxx.

Flirt4Free Announces 'Tease the Season' Holiday Contest

Flirt4Free has announced its Tease the Season promo and model contest, which will run Dec. 21-25.The competition is led by the return of the Snowflake Contest, where models can be gifted digital snowflakes by their fans. The models who collect the most snowflakes by 11:59 a.m. on Christmas Day will win cash prizes.

SWR Data Publishes 2024 'Top Creator Platforms' Report

Adult industry market research firm SWR Data has published a report on the Top Creator Platforms of 2024.

MintStars Joins Pineapple Support as Supporter-Level Sponsor

Content platform MintStars has joined the ranks of over 60 adult businesses and organizations committing funds and resources to Pineapple Support.

Politicians Aim to Study Effects of FOSTA-SESTA on Sex Workers

In an encouraging sign for sex workers, California State Representative Ro Khanna and U.S. Senator Elizabeth Warren of Massachusetts have reintroduced the SAFE SEX Workers Study Act, which aims to study the effects of FOSTA-SESTA.

Pornhub to Shut Down Access in Florida Over Age Verification

Aylo will geoblock Pornhub across Florida starting Jan. 1, when HB 3, the state's age verification law, goes into effect.

AEBN Publishes Popular Searches by Country for October, November

AEBN has released the list of popular searches from its straight and gay theaters by country in October and November.

Jacquie et Michel Acquired by 'International Fund'

French adult studio Jacquie et Michel has been acquired by an international fund, marking a significant development for the well-known brand.

YouPay Joins Pineapple Support as Sponsor, Introduces 'Permanent Donation' Feature

Australian gifting platform YouPay has joined the ranks of Pineapple Support’s partner-level sponsors.

Show More