When I saw the news, I was clicking all the links to see why one of my favourite media players was being targeted by Microsoft’s Bing. The good news is that it’s not really true that the VLC Media Player is malware. However, caution is definitely suggested if you use it. Read on to find out more…
Microsoft marks VLC download site as malware
The problem is not VLC, well, not exactly anyway. In would be more accurate to say that the problem is InPage. If you are unaware, InPage is a “word processor software for specific languages like Urdu, Persian, Pashto, and Arabic”. Of course, this is not the entire story.
Who’s to blame?
Firstly, InPage is certainly part of the problem as it has a known vulnerability that can be exploited by hackers. VLC also has a problem, but it is an outdated version of VLC, which presents a problem, of course. Both these programs are used in tandem to perform the hack.
In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network. Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.
How did it happen?
I’ll let the Office 365 Research and Response team take over here. Here is how they described the process happening:
- Spear-phishing email with a malicious InPage document with the file name hafeez saeed speech on 22nd April.inp was sent to the intended victims
- The malicious document, which contained exploit code for CVE-2017-12824, a buffer-overflow vulnerability in InPage, dropped a legitimate but outdated version of VLC media player that is vulnerable to DLL hijacking
- The side-loaded malicious DLL called back to a command-and-control (C&C) site, which triggered the download and execution of the final malware encoded in a JPEG file format
- The final malware allowed attackers to remotely execute arbitrary command on the compromised machine.
Is this fair?
As far as I can work out, the vulnerability in the VLC Media Player no longer exists. Well, it exists but not on the VLC website itself. It appears to me that Microsoft is punishing the VideoLAN project for a vulnerability it an outdated version of its media player.
VideoLAN said on Twitter that they had no idea how to fix the issue, and I can see what they mean. While the original vulnerability was obviously a mistake, the media player had been fixed for a long time. How is VideoLAN meant to fix the dodgy versions of its software floating around the internet being used for nefarious activities?
It would seem to me that since InPage is also at fault, and the primary resource for the hack, it should fix its vulnerability. Then, it wouldn’t matter about the old versions of VLC.
Still, the important thing is that Microsoft holds itself up to the same high standards that it is holding other companies up to, so that’s good news.
Feel free to comment about this story in the box below. It’s what it’s there for.
RELATED STORIES TO CHECK OUT: