I heard that NASA is telling employees and contractors not to use IE due to malware affecting Internet Explorer and Real Player.
“Affected Platforms: Any MS Windows system running with Real Player installed and Platforms Internet Explorer used as the routine web browser. At this time it is believed all variations of Internet Explorer and Real Player may be affected.”
They say “The malware appears to be spreading through a large variety of common and highly-respected Internet sites, however it does not appear these sites are themselves infected. The affected sites are serving solely as a mechanism to attract potential victims.”
I haven’t heard anything about attacks through realplayer and IE, much less through common sites that have been exploited. It sounds related to this advisory from Microsoft, but that was IE7 on XP only. There are some RealPlayer issues over at Secunia but that would effect RealPlayer only. The problem wouldn’t be browser specific and a patch is available.
Interesting to see how this develops. If there is a targeted attack against NASA as this would seem to indicate, we’ll hear about it eventually.
update – I have seen an updated email alert from them saying if you need to use IE, you should remove Real.