Let Me Introduce You to the First Windows XP Christmas Infection
- Malicious JavaScript in the wild

Softpedia

We all know this had to happen, so here it is: the first Christmas infection which attempts to install on Windows 2000 and Windows XP platforms. JS_REALPLAY.J is a
malicious JavaScript that can be dropped on your computer once you visit an infected website used in the attack. And more important, the script attempts to exploit a vulnerability in RealPlayer "that causes a stack overflow and allows the download of possibly malicious files on the affected system," as security vendor Trend Micro noted.

According to the security notification, the following RealPlayer versions have been flagged as vulnerable to attacks: 6.0.10, 6.0.11, 6.0.12, 6.0.14, 6.0.14.536, 6.0.14.543, 6.0.14.544, 6.0.14.550 and 6.0.14.552.

Since it affects only the Windows XP and Windows 2000 operating systems, the JavaScript first scans the targeted system to identify the platform and find out if there’s any sign of an Internet Explorer 6 or Internet Explorer 7 installation. "It also checks if RealPlayer is installed on the system and what version of the player is installed to determine the first few bytes of shell code that it writes on the affected system," Trend Micro noted.

After the infection has been done, JS_REALPLAY.J starts the assault: it connects to a malicious website and attempts to deploy additional dangerous files, identified by Trend Micro as PE_MUMAWOW.AO-O. The downloaded file is then dropped as an executable file in the main Windows folder. "As a result, malicious routines of the downloaded file may be exhibited on the affected system," the security company added.

The JavaScript shouldn’t be a problem if you have a patched version of RealPlayer or if your antivirus is up-to-date with the latest virus definitions. However, you’re always advised to avoid visiting suspicious websites that may attempt to deploy the said infection on your computer.

Thax, I am using one of those

What do you mean by, Thax, I am using one of those ... you need to protect your pc or switch to a mac.

Any rate, this Malware type=JavaScript, not destructive, run Windows 2000, XP platforms, with a low risk rating and low infecttions and damage potetial.

This exploit first checks if the affected machine is running Windows 2000 or Windows XP with Internet Explorer 6 or 7 and it also checks if RealPlayer is installed on the system.
Also what version of the player is installed, just to determine the first few bytes of shell code that it writes on the affected system.

Here is th solution to the problem.:

Solution:


Important Windows XP Cleaning Instructions

Users running Windows XP must disable System Restore to allow full scanning of infected computers.

You must be logged on as an Administrator, the System Restore tab is not going to be displayed. Turning off System Restore clears out all previous restore points. These instructions also assume that you are using the default Windows XP Start Menu and not the Classic Start menu. To enable the default menu, right-click Start>Properties>Start menu (not Classic) and then click OK.)

Click Start.
Right-click the My Computer icon and then click Properties.
Click the System Restore tab.
Select "Turn off System Restore" or "Turn off System Restore on all drives".
Click Apply, then Yes, and finally click on the OK button.
Enabling System Restore on Windows XP

Click Start.
Right-click My Computer and then click Properties.
Click the System Restore tab.
Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
Click Apply and then click OK.

Go for Firefox browser.

Good luck, now!

__________________
Ar.

What do you mean by, Thax, I am using one of those ... you need to protect your pc or switch to a mac.

Any rate, this Malware type=JavaScript, not destructive, run Windows 2000, XP platforms, with a low risk rating and low infecttions and damage potetial.

This exploit first checks if the affected machine is running Windows 2000 or Windows XP with Internet Explorer 6 or 7 and it also checks if RealPlayer is installed on the system.
Also what version of the player is installed, just to determine the first few bytes of shell code that it writes on the affected system.

Here is th solution to the problem.:

Just follow the following instructions for cleaning up.


Important Windows XP Cleaning Instructions

Users running Windows XP must disable System Restore to allow full scanning of infected computers.

You must be logged on as an Administrator, the System Restore tab is not going to be displayed. Turning off System Restore clears out all previous restore points. These instructions also assume that you are using the default Windows XP Start Menu and not the Classic Start menu. To enable the default menu, right-click Start>Properties>Start menu (not Classic) and then click OK.)

Click Start.
Right-click the My Computer icon and then click Properties.
Click the System Restore tab.
Select "Turn off System Restore" or "Turn off System Restore on all drives".
Click Apply, then Yes, and finally click on the OK button.
Enabling System Restore on Windows XP

Click Start.
Right-click My Computer and then click Properties.
Click the System Restore tab.
Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
Click Apply and then click OK.

Go for Firefox browser.

Good luck, now!

__________________
Ar.