Antivirus firm McAfee warned Windows users that the company had discovered a worm, dubbed W32/Realor, actively infecting Real Media files. The infected video files do not contain an exploit for the RealOne or Real players, but a hyperlink that points to a malicious Web site. When infected files are opened, the victim is referred to the Web site, which attempts to compromise their computer using a previously patched flaw in Internet Explorer.
There are numerous disadvantages to using video files to carry malicious code, but using the technique may allow attacker to take advantage of users’ expectations, said Craig Schmugar, senior threat researcher with McAfee’s antivirus emergency response team.
“A chunk of people generally regard video files as safe, where they might treat screensavers and Office documents with some caution,” Schmugar said.
Sources: SecurityFocus, McAffe.
Read McAfee Avert Labs Blog post on this here.