• vlc media player

    #2437331

    If you cached an installer recently it might be worth evaluating if you re-use it if your machine hits malware problems.

    https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/

     

    1 user thanked author for this post.
    • #2437345

      From the bleepingcomputer post –

      “Researchers at Symantec, a division of Broadcom, found that after gaining access to the target machine the attacker deployed a custom loader on compromised systems with the help of the popular VLC media player.

      Brigid O Gorman of Symantec Threat Hunter Team told BleepingComputer that the attacker uses a clean version of VLC with a malicious DLL file in the same path as the media player’s export functions.”

      ………………………………………………..

      So it would seem that bad actors already compromised the target system before abusing VLC Media Player.

      2 users thanked author for this post.
    • #2437384

      cached an installer recently

      Why VLC installer?

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      • #2437405

        You’d hope as the exploit is now “public” there’s a fix in line with the usual semantics involved with release of exploit information, so an old installer probably isn’t going to be worth keeping.

        1 user thanked author for this post.
        • #2437408

          Actually there should be a new version (but the download comes with everything today’s date so that’s hard to prove as I don’t use it to have an old version..), that would be as VLC does not (it seems) validate the (malware) files are authenticated before allowing them to execute which has a CWE assigned to it:

          https://cwe.mitre.org/data/definitions/306.html

          https://www.bleepingcomputer.com/news/security/mitre-updates-list-of-top-25-most-dangerous-software-bugs/

           

           

          1 user thanked author for this post.
        • #2437812

          Will VLC fix the vulnerability for Windows?

          • #2437873

            There is no vulnerability in VLC that can be triggered without first compromising the machine. In other words, the machine was hacked before the virus was installed using VLC.
            VLC are not responsible for this and a fix is not a priority.

            cheers, Paul

            3 users thanked author for this post.
            • #2437973

              Not sure I understand Paul- “the machine was hacked before the virus was installed using VLC.” How and by what? How to check?

            • #2437975

              The bleepingcomputer article did not disclose how the targeted system had been compromised before VLC Media Player was abused.  In any event, does it matter?

              The real point is that ANY malware could have been installed on that system once the bad actors had compromised it.  The real security flaw in that system was not mentioned.  For all we know it could have been a system that failed to install available security updates.  The focus on VLC Media Player is, IMHO, unjustified.

              2 users thanked author for this post.
      • #2437449

        I use portable VLC so no worries.

    • #2437450

      Actually there should be a new version

      Just got VLC version 3.3.3 for iOS/iPadOS.

    • #2437464

      Are all OSes affected by this VLC thing? Windows, iOS, Linux, etc.?

      Being 20 something in the 70's was so much better than being 70 something in the insane 20's
      1 user thanked author for this post.
    • #2437832

      I just went to videolan.org to get the latest version for Win10 64-bit, and the “download VLC” button gave me v3.16 which was released last June. The archive, however, contains v3.0.17.3 which was released on March 11th of this year.

      • #2437951

        I’d be careful about that.  It may not actually be “released” for production and general distribution.

    • #2438004

      Version 3.0.17.3 of VLC is a non-security bugfix – safe to download directly from the videolan.org web site.

      https://www.ghacks.net/2022/03/08/vlc-media-player-3-0-17-out-with-fixes-and-support-for-dav-and-dts-lbr/

      https://www.reddit.com/r/VLC/comments/tds4ao/vlc_30173_vetinari_has_been_released_videolan/

      https://download.videolan.org/pub/videolan/vlc/3.0.17.3/

      maybe it’s better to wait for a future release like 3.0.18 or so > for those who like using VLC’s “update” feature or depend on that

      2 users thanked author for this post.
    • #2438810

      Ghacks : Symantec says that hackers distributed a modified version of VLC and exploited it for malware attacks

      ..Hackers distributed a modified version of VLC to use it for triggering a custom malware loader
      One of these tools is a modified version of the popular open source media player, VLC. Symantec’s Security Threat Intelligence blog mentions the following statement.

      “The attackers also exploit the legitimate VLC Media Player by launching a custom loader via the VLC Exports function, and use the WinVNC tool for remote control of victim machines.”

      This statement’s wording is quite confusing, and was misinterpreted by some blogs, who wrote that VLC is vulnerable and that hackers are using it to launch malware attacks. This is not correct, VLC is not the reason for the malware attacks like these websites allege. The rest of the report should be taken into context.

      The second section of the report (highlighted in the image) mentions that attackers needed access to the victim machines, before they could launch the malware attack. This was confirmed by a member of Symantec’s Threat Hunter Team, in a statement released to Bleeping Computer. They said that some hackers took the clean version of VLC, added a malicious DLL file to it and distributed it, aka DLL side-loading. This file is located in the same folder as the export function’s path, and is used by the attackers to launch a custom malware loader.

      So it is evident there are at least two different requirements for this attack to happen: a compromised system, and a modified version of VLC (among the other tools that were used)…

      Is VLC safe to use?
      Yes, it is. As long as you download VLC from the official website (or a trustworthy site), your computer should be safe from malware, because it does not contain the malicious DLL File used in these attacks…

      What about the elephant in the room …“suggesting the possibility that a known, unpatched vulnerability in Microsoft Exchange may have been used to gain access to victim networks in some cases”.

      1 user thanked author for this post.
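
Added example, not part of the original thread: the side-loading described above relies on a DLL sitting in the VLC folder that the official package does not ship, so one way to answer "How to check?" is to compare the DLLs in an install against a trusted reference copy. The function names are hypothetical, the reference copy is assumed to come from the official site, and the sample files are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def dll_manifest(root):
    """Map lower-cased relative path -> SHA-256 for every DLL under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): sha256_of(p)
            for p in root.rglob("*")
            if p.is_file() and p.suffix.lower() == ".dll"}

def audit(trusted_root, suspect_root):
    """Compare a suspect install against a trusted reference install."""
    good, seen = dll_manifest(trusted_root), dll_manifest(suspect_root)
    return {
        "unexpected": sorted(set(seen) - set(good)),   # DLLs the reference lacks
        "modified": sorted(n for n in seen if n in good and seen[n] != good[n]),
        "missing": sorted(set(good) - set(seen)),
    }

def build_sample(root, files):
    for name, data in files.items():
        p = Path(root) / name
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)

def demo():
    # Constructed sample data: placeholder bytes stand in for real binaries.
    reference = {"vlc.exe": b"exe", "libvlc.dll": b"A", "libvlccore.dll": b"B",
                 "plugins/codec/libavcodec_plugin.dll": b"C"}
    suspect = dict(reference)
    suspect["libvlc.dll"] = b"tampered"        # same name, different content
    suspect["constructed_extra.dll"] = b"X"    # DLL not present in the reference
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build_sample(a, reference)
        build_sample(b, suspect)
        return audit(a, b)

if __name__ == "__main__":
    print(demo())
```

Both the "unexpected" and "modified" lists matter here: a planted DLL may carry a new name or replace a file the application already loads.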