NASA Bans IE?

I heard that NASA is telling employees and contractors not to use IE due to malware affecting Internet Explorer and Real Player.

“Affected Platforms: Any MS Windows system running with Real Player installed and Platforms Internet Explorer used as the routine web browser. At this time it is believed all variations of Internet Explorer and Real Player may be affected.”
They say “The malware appears to be spreading through a large variety of common and highly-respected Internet sites, however it does not appear these sites are themselves infected. The affected sites are serving solely as a mechanism to attract potential victims.”

I haven’t heard anything about attacks through RealPlayer and IE, much less through common sites that have been exploited. It sounds related to this advisory from Microsoft, but that was IE7 on XP only. There are some RealPlayer issues over at Secunia but that would affect RealPlayer only. The problem wouldn’t be browser specific and a patch is available.
Interesting to see how this develops. If there is a targeted attack against NASA as this would seem to indicate, we’ll hear about it eventually.
Update – I have seen an updated email alert from them saying if you need to use IE, you should remove Real.

3 Comments

  1. I’m assuming you mean NASA and IE.
    That information is from an email alert that they sent to their contractors and employees. That is not public information. I went back and forth on whether to disclose the agency name, but I figured someone else would name names even if I didn’t.
    I think they ended up with some egg on their face when it turned out to be a Real Player zero day exploit which could be mitigated with other means. If a company wants to have a Firefox-only policy they are free to do so, but they shouldn’t make the decision based on FUD and they shouldn’t communicate through FUD either.
    Information on the RealPlayer zero day is available at http://isc.sans.org/diary.html?storyid=3519

  2. Why would you say there’s egg on anyone’s face? The quote you cited says that it’s a RealPlayer issue, and what other kind of guidance would you give to end users (like the kind that might be traveling with laptops) who aren’t in any position to uninstall RealPlayer? You also seem to be assuming that’s the only thing they’re doing, while it’s not obvious to me that anyone would outline their entire security response in a widely distributed email that would be certain to be leaked…
