VLC download site marked as malware by Microsoft

Giles Ensor avatar. By: Giles Ensor
3 minute read

Home » VLC download site marked as malware by Microsoft

When I saw the news, I was clicking all the links to see why one of my favourite media players was being targeted by Microsoft’s Bing. The good news is that it’s not really true that the VLC Media Player is malware. However, caution is definitely suggested if you use it. Read on to find out more…

Microsoft marks VLC download site as malware

The problem is not VLC, well, not exactly anyway. In would be more accurate to say that the problem is InPage. If you are unaware, InPage is a “word processor software for specific languages like Urdu, Persian, Pashto, and Arabic”. Of course, this is not the entire story.

Who’s to blame?

Firstly, InPage is certainly part of the problem as it has a known vulnerability that can be exploited by hackers. VLC also has a problem, but it is an outdated version of VLC, which presents a problem, of course. Both these programs are used in tandem to perform the hack.

InPage


In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.


How did it happen?

I’ll let the Office 365 Research and Response team take over here. Here is how they described the process happening:

  • Spear-phishing email with a malicious InPage document with the file name hafeez saeed speech on 22nd April.inp was sent to the intended victims
  • The malicious document, which contained exploit code for CVE-2017-12824, a buffer-overflow vulnerability in InPage, dropped a legitimate but outdated version of VLC media player that is vulnerable to DLL hijacking
  • The side-loaded malicious DLL called back to a command-and-control (C&C) site, which triggered the download and execution of the final malware encoded in a JPEG file format
  • The final malware allowed attackers to remotely execute arbitrary command on the compromised machine.

— RELATED: Best Windows 10 antivirus solutions to install in 2019

Is this fair?

As far as I can work out, the vulnerability in the VLC Media Player no longer exists. Well, it exists but not on the VLC website itself. It appears to me that Microsoft is punishing the VideoLAN project for a vulnerability it an outdated version of its media player.

VideoLAN said on Twitter that they had no idea how to fix the issue, and I can see what they mean. While the original vulnerability was obviously a mistake, the media player had been fixed for a long time. How is VideoLAN meant to fix the dodgy versions of its software floating around the internet being used for nefarious activities?

It would seem to me that since InPage is also at fault, and the primary resource for the hack, it should fix its vulnerability. Then, it wouldn’t matter about the old versions of VLC.

Still, the important thing is that Microsoft holds itself up to the same high standards that it is holding other companies up to, so that’s good news.

Feel free to comment about this story in the box below. It’s what it’s there for.

RELATED STORIES TO CHECK OUT:

Discussions

Next up

Fix: Counter Strike: Global Offensive Issues On Windows 10

Milan Stanojevic avatar. By: Milan Stanojevic
7 minute read

Counter Strike: Global Offensive is currently the most popular first person shooter on PC, but it seems that some Windows 10 users are having certain […]

Continue Reading

Top 5 YouTube live-streaming software to get more followers

Vladimir Popescu avatar. By: Vladimir Popescu
Less than a 1 minute read

Live streaming is quickly becoming one of the most important ways people use to broadcast themselves online. People use live streaming to cover a wide […]

Continue Reading

How to fix corrupted Ableton files on Windows 10

Vladimir Popescu avatar. By: Vladimir Popescu
3 minute read

There is nothing worse than getting an error message when trying to open your Ableton Live set. All the hard work you put in seems […]

Continue Reading