X-53mph Posted April 7, 2022
I'm sure many of you use VLC player. It appears it has been used by hackers to gain access to users' computers. Story here: https://www.digitaltrends.com/computing/vlc-media-player-exploited-by-chinese-hackers/

user 905133 Posted April 7, 2022
See also: https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/

jesse g Posted April 7, 2022
Ooohhhhh, goodbye little orange and white triangle... uninstall?

AndyB01 Posted April 7, 2022
Freeware is always a potential target - I recall when CCleaner was used in an attack, so all these freebie utilities have to be used with care. Often the malware is geofenced so as to protect devices in APT states such as Russia and China.

Personally I try and limit my exposure to this kind of software and if you do use it, always download from a reputable source and never update based on a pop up or email. Also, turn off auto update if that's a feature, do it on your terms. Check all downloads with AV endpoint detection before installation (although that won't always protect you) and don't upgrade at the bleeding edge - let the update roll out for a while - if it's dodgy the Internet will soon let you know.

Finally, have a proven and robust backup regime so you can recover if the worst happens. Be careful out there.

Andy

JoeGBradford Posted April 7, 2022
I thought I had that on my main PC but I don't so that's good. I'll check the old laptop. Thanks for the heads up.

craigb Posted April 7, 2022
Damn! I'm busted... Oh well, I guess I'll go hack something else then!

Notes_Norton Posted April 7, 2022
What is a good replacement for VLC?

Shane_B. Posted April 8, 2022 (edited)
If you have an older version of VLC installed you can check for updates and download the latest version and it should get it from a secure server. It even has a checksum function to make sure you got a clean one. People do a quick search and get it from any source but you should always get the free open source stuff from the developer working on it if you can. You should with anything you download but it's particularly easy for hackers to infect the open source stuff. The only other site I trust is Sourceforge.net and I don't even trust them if I can help it. If I find something there I want I always try to search for the developer's direct site and download it there or go to where they say it's safe to download. Sometimes they send you back to Sourceforge and sometimes they don't ...

The only free stuff I use is Gimp, Blender, Open Office, and VLC and they all have their own sites. I didn't even realize they were still updating VLC. I thought it died many years ago along with Winamp. Speaking of, they are bringing Winamp back sometime soon. I liked how you could customize it like Reaper. I had a skin for it that was all analog meters but eventually had to stop using it as Windows advanced and Winamp died. You can still get the last official version that came out years ago but on new high res monitors it's almost impossible for me to see. I used to make my own skins for it but I deleted all that stuff a long time ago when it died off.

Now I'm tempted to try out the latest version of VLC. I keep reading that it does a lot of things I've been wanting to do but the version I have is very old. This is VLC's official site.

14 hours ago, Notes_Norton said:
> What is a good replacement for VLC?

I haven't been able to find one that you didn't have to pay a lot of money for. The old version of Windows Media Player is still on your system, assuming you are running Windows 11. You just have to dig for it. I like it better than the new media player, but I dislike them both. I always used Winamp and VLC. But like I said above, I thought VLC died out a long time ago with Winamp but I'm wrong.

You can also upload the VLC install file to several free virus checking sites and they'll scan it too. I use this site and this site.

Edited April 8, 2022 by Shane_B.

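The kind of checksum check mentioned in the post above, as an added example (not part of the thread and not VLC's own updater code): it verifies a downloaded installer against a published SHA-256 line and fails closed when the file is not listed. The `sha256sum`-style line format, the file name `player-setup.exe` and the sample bytes are assumptions constructed for the demo; a checksum fetched from the same place as the file catches corruption or a swapped mirror copy, not a compromised publisher.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One line of a sha256sum-style checksum file: 64 hex digits, whitespace,
# an optional "*" (binary-mode marker), then the file name.
_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")


def parse_checksum_file(text):
    """Return {filename: lowercase hex digest} for every well-formed line."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries[m.group(2).strip()] = m.group(1).lower()
    return entries


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(installer, checksum_text):
    """Return (ok, reason); a file with no checksum entry is rejected."""
    expected = parse_checksum_file(checksum_text).get(Path(installer).name)
    if expected is None:
        return False, "no checksum entry for this file name"
    actual = sha256_of(installer)
    if hmac.compare_digest(actual, expected):
        return True, "sha256 matches"
    return False, f"sha256 mismatch: got {actual}"


def demo():
    """Constructed sample: a stand-in installer and a checksum line for it."""
    with tempfile.TemporaryDirectory() as d:
        installer = Path(d) / "player-setup.exe"  # hypothetical file name
        installer.write_bytes(b"constructed installer bytes")
        published = f"{sha256_of(installer)} *player-setup.exe\n"
        ok_clean = verify_download(installer, published)[0]
        # Same name, different content: the published digest no longer fits.
        installer.write_bytes(b"constructed installer bytes + tampering")
        ok_tampered = verify_download(installer, published)[0]
        ok_unlisted = verify_download(installer, "")[0]
    return ok_clean, ok_tampered, ok_unlisted


if __name__ == "__main__":
    print(demo())
```
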
Starship Krupa Posted April 8, 2022
17 hours ago, AndyB01 said:
> Freeware is always a potential target

As is payware. According to the article, the .DLL payload got on the computers in question via compromised unpatched Microsoft Exchange Servers. It didn't actually come with VLC, it was activated when the user tried to convert media using VLC. So to be safe, people might consider getting any Microsoft software off their computers.

I was fortunately immune to this attack because I have no Microsoft Exchange Servers running on my home network at this time, nor do I use VLC to convert media types. So this malware attack, which has so far caused untold losses (and I looked, none of the stories told of any losses caused by it) has missed me just like all the others in my 40 years of using computers. Not that I haven't tempted fate by using free software like Cakewalk, Google Chrome, and the Meldaproduction FreeFXBundle.

I also noticed that none of these stories had any suggestions as to what to do to keep yourself safe. It's as if they want a lot of people to pass it around so that more people can click on it and drive up the traffic stats to their webservers.

Colin Nicholls Posted April 8, 2022
Ignore the crap articles, read the source: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks

Shane_B. Posted April 8, 2022
24 minutes ago, Starship Krupa said:
> So this malware attack, which has so far caused untold losses (and I looked, none of the stories told of any losses caused by it) has missed me just like all the others in my 40 years of using computers. Not that I haven't tempted fate by using free software like Cakewalk, Google Chrome, and the Meldaproduction FreeFXBundle.

I can count on 1 hand the amount of times I've actually had a virus infect my system. I can honestly only remember 2 times specifically. Both came from the same source before I realized what had happened. It was a mouse driver floppy and I still remember the virus. Die Hard. It manifested slowly and eventually all you saw were 2 purple letters come streaming from the center of your screen "DH" and it would turn black. The more you rebooted the worse it became until eventually it's all that would happen. It came on the floppy for the mouse driver on a brand new system I ordered. When I contacted them they said the system the mouse manufacturer made the floppies from got infected and it had nothing to do with them but the only fix was to swap out the HDD so they overnighted me a new HDD and different mouse at no charge.

I never knew you could use VLC to convert file types. I need to dig into it more I guess. I tried to use it for streaming and could never get it to work and I used it to check files I ripped from my own Blu-rays and converted. Windows gets all pissy about those file types so I just throw them on a thumb drive now and pop in my TV and they play great. No disc player needed.

I used to use a free program called Format Factory to convert files but Windows started scanning it and marked it as a security threat so I stopped using it. And when you pull up their website now it says it's unsecured. So I don't know what happened with them. It was a really nice program but I've been afraid to use it since that started happening.

If I want to shrink a jpg now for the forums I just use the built in MS paint program. Gimp is actually pretty difficult to use for such a quick simple thing.

Tim Smith Posted April 8, 2022
Thank you for the FYI. VLC is my go-to player. I recently had a request asking me if I wanted to update it. I really didn't think much of it at the time since it was they who were making the request from the player portal. VLC has lots of capability some might not be aware of, including reading lots of video codecs little else can read. Not being a coder myself I guess I don't know what to look for at the code level... and if it's in my machine to look at it's probably too late.

We use VPN at work, but clicking on a sour link from Russia probably won't save your butt. I had an attempted ransom a long time ago. I played hardball. I just wiped the computer and started over. That was back in the day when I was dumb enough to use Limewire to download music. That's pretty much like opening the door and saying, "come on in".

I hated to see Adobe Flash go. A bunch of our much needed software ran on it. Apparently it could be exploited.

2 hours ago, Starship Krupa said:
> Not that I haven't tempted fate by using free software like Cakewalk, Google Chrome, and the Meldaproduction FreeFXBundle.

Let's just say you are not alone in thinking these thoughts.

X-53mph Posted April 8, 2022 Author (edited)
2 hours ago, Starship Krupa said:
> As is payware. According to the article, the .DLL payload got on the computers in question via compromised unpatched Microsoft Exchange Servers. It didn't actually come with VLC, it was activated when the user tried to convert media using VLC. So to be safe, people might consider getting any Microsoft software off their computers. I was fortunately immune to this attack because I have no Microsoft Exchange Servers running on my home network at this time, nor do I use VLC to convert media types. So this malware attack, which has so far caused untold losses (and I looked, none of the stories told of any losses caused by it) has missed me just like all the others in my 40 years of using computers. Not that I haven't tempted fate by using free software like Cakewalk, Google Chrome, and the Meldaproduction FreeFXBundle. I also noticed that none of these stories had any suggestions as to what to do to keep yourself safe. It's as if they want a lot of people to pass it around so that more people can click on it and drive up the traffic stats to their webservers.

Geez, I love how sympathetic you guys are. Just because YOU have never had a virus doesn't mean other people haven't.

I teach in a lot of companies, and I know of at least two of my clients who had their servers hacked and data either stolen or ransomed as a result. These are companies that deal with sensitive military hardware. One hack was the result of a guy downloading YouTube videos. I know IT security people who are dealing with hacks on a daily basis. Just the other day in my home country, the entire rail network was hacked by teenagers in Bulgaria. They brought the system to a standstill for a week.

So you can brush it off as scaremongering but ask yourselves, how many small developers, plugin resellers are keeping their sites and software safe? The same sites we rush to for that freebie deal.

Just saying.

Edited April 8, 2022 by Philip G Hunt

Tim Smith Posted April 8, 2022 (edited)
Please don't include me here. I appreciate the info. My IT department deals constantly with threats. This is why we went to a VPN. At one point we had to shut all of our servers down because someone was attempting to get in. Due to concerns of privacy breaches we pulled the plug until we could get a solid VPN in place. We already had VPN, but we extended it and added more protection.

A hacker made it into the server for the software I work in a few years ago. This software controls the lighting, heating, cooling systems, electric usage and many other things for multiple millions of dollars worth of buildings and infrastructure. Not just control but monitoring trending of multiple data points etc. They went in and changed a bunch of temperatures and systems. Luckily they were beginner hackers and we caught up to it soon enough to get a hold on it.

I think one of the newest trends is to put a spy inside of a common program container... like VLC. Can't ever, EVER be too careful.

Edited April 8, 2022 by Tim Smith

craigb Posted April 8, 2022
IMHO, ESET does the best job of protecting my computers and me from myself online.

Shane_B. Posted April 8, 2022 (edited)
1 hour ago, Philip G Hunt said:
> So you can brush it off as scare mongering but ask yourselves, how many small developers, plugin resellers are keeping their sites and software safe? The same sites we rush to for that freebie deal.

Business exploits and personal PC exploits are two very different things. I don't think anyone is downplaying any of it but the reality is it's extremely rare to get a virus on your PC nowadays between everything being analyzed by the site providers and especially Windows' built-in protection plus all the free and/or inexpensive antivirus software out there.

IRT business, is the security really up to the people who rent the website space or the people who own the actual server they use? I thought most companies, if not all, are using Cloud services and the security is the host's responsibility.

Edited April 8, 2022 by Shane_B.

Shane_B. Posted April 8, 2022
1 hour ago, craigb said:
> IMHO, ESET does the best job of protecting my computers and me from myself online.

Thanks. I'll check them out. They have a free no strings attached, no credit card required 30-day free trial. I use Windows and the free Malwarebytes but have been trying to decide on a good paid one. I can find good and bad reviews for all of them when I search but if you trust ESET then I'll definitely check them out.

I've been tinkering with modding Fallout since I got that new video card recently. I had to install some .net versions that weren't on my system. Ever since then my internet connection has been garbage. I don't know if it was the .net stuff or perhaps something else from one of the mods. They are all checked by the Nexusmods host site and verified virus free but still ... you never know.

I know hate is a strong word these days, but I absolutely mamma pajama blanking HATE dealing with .net versions and updates. Never, not once, have I ever messed with them (Looking at you Sonar) and had a good outcome. My system was screaming fast until I messed with that. Now it's totally blanked with a capital *. But I had to install a few different versions in order for the game to even load. It's been downhill since then and I am not a happy camper about it.

X-53mph Posted April 8, 2022 Author
1 hour ago, Shane_B. said:
> Thanks. I'll check them out. They have a free no strings attached, no credit card required 30 day free trial. I use Windows and the free Malware Bytes but have been trying to decide on a good paid one. I can find good and bad reviews for all of them when I search but if you trust ESET then I'll definitely check them out. I've been tinkering with modding Fallout since I got that new video card recently. I had to install some .net versions that weren't on my system. Ever since then my internet connection has been garbage. I don't know if it was the .net stuff or perhaps something else from one of the mods. They are all checked by the Nexusmods host site and verified virus free but still ... you never know. I know hate is a strong word these days, but I absolutely mamma pajama blanking HATE dealing with .net versions and updates. Never, not once, have I ever messed with them (Looking at you Sonar) and had a good outcome. My system was screaming fast until I messed with that. Now it's totally blanked with a capital *. But I had to install a few different versions in order for the game to even load. It's been downhill since then and I am not a happy camper about it.

Sounds to me like one of the mods has piggybacked on your internet connection and might be using your computer as part of a hive. Have you run a speed test? Checked all the non-Microsoft running processes accessing the internet?

My son plays mods and I warn him all the time... but do they listen? I'm just waiting for his laptop to pick up viruses like a 2 dollar hooker.

Starship Krupa Posted April 8, 2022
5 hours ago, Shane_B. said:
> If I want to shrink a jpg now for the forums I just use the built in MS paint program. Gimp is actually pretty difficult to use for such a quick simple thing.

My current fave Paint program is Paint.NET, which is what I use for all of my Cakewalk themes. Light, simple, all the features I need in a pixel editor.

Starship Krupa Posted April 8, 2022 (edited)
3 hours ago, Philip G Hunt said:
> Geez, I love how sympathetic you guys are. Just because YOU have never had a virus doesn't mean other people haven't. I teach in a lot of companies, and I know of at least two of my clients who had their servers hacked and data either stolen or ransomed as a result. These are companies that deal with sensitive military hardware. One hack was the result of a guy downloading YouTube videos. I know IT security people who are dealing with hacks on a daily basis. Just the other day in my home country, the entire rail network was hacked by teenagers in Bulgaria. They brought the system to a stand still for a week.

I apologize for my dismissive tone. My hackles get raised when needless FUD is mongered about freeware. That wasn't you, you merely posted a link to the article, which is great. I used to work in IT as well, at a security company no less, but I left the field 20 years ago, so I thank you for updating me on how widespread it actually is these days.

I've cleaned malware infestations from friends' kids' computers that were almost bricked (they had been downloading cracked plug-ins). But back in the day, I also witnessed antivirus "solutions" that were so invasive and intrusive that they were basically like having a virus on the computer, even to the point where the systems would become functionally unusable. So in my personal experience I've seen antivirus programs do much more damage than actual viruses!

I need to remember though, that not everyone is as savvy about computer safety as we are. As I said, 40 years, and I built my first computer from a kit.

I still contend that those articles were poorly written in that they don't have enough useful information about whether individuals are at risk or whether using VLC is safe or not. My educated guess is that the hackers just chose programs that they knew were widely used (VLC, Microsoft Exchange) and hijacked them for their attacks. Which doesn't mean that we should stop using VLC or be afraid of it, rather that we should continue the good practices we do. Regular malware scans, firewalls, etc.

Media outlets depend on clicks/viewers, and since computer malware is something that few people in the general public understand, it's good bait. The dangers for individuals tend to be exaggerated, IMO.

I'm curious as to precisely how they got that .DLL on those systems without it being detected. Exchange has built-in malware scanning, as does Windows 10 itself. Of course, with a determined attack like this, anti-malware software can be bamboozled.

Edited April 8, 2022 by Starship Krupa