This article originally appeared in Threatpost on November 30, 2018.
After identifying the official VLC media download page as “unsafe” with its Bing search engine, Microsoft now suggests it was done in error.
Microsoft’s Bing search engine warned its users the official VLC media player website was “suspicious” and dissuaded users from visiting the popular destination, suggesting the site contained “malicious software.” The site is no longer listed as unsafe.
In a red warning message presented to users in the search results for “VLC” (videolan[.]org/vlc), Bing had stated: “Site might be dangerous. We suggest you choose another result. If you continue to this site, it could lead you to malicious software that can harm your device.”
The message was part of Microsoft’s Bing Site Safety Report feature, added in 2014 to keep users from visiting potentially unsafe websites. The VLC media player, a free and open-source software utility extremely popular with consumers, is developed by the VideoLAN project.
“We have absolutely no clue what happened. Nothing was changed on the binaries (easy to check), or on the websites,” wrote Jean-Baptiste Kempf, VideoLAN president, in an email response to questions. “We can just think about a false-positive in an updated anti-virus checklist. This happens from time to time. We have no other idea.”
For its part, Microsoft said in a statement: “Out of an abundance of caution, security protocols may return false positives at times. When this happens, and a URL is confirmed to be safe, we unblock the site.”
According to VideoLAN, the site had been listed as potentially dangerous since Sunday. During that time, Mike Bittner, digital security and operations manager with The Media Trust, suggested the app may have been weaponized by a malicious actor.
“[Apps] are inherently vulnerable because few are designed with security in mind,” Bittner said. “And when they are open sourced, those vulnerabilities soar, as bad actors can look closely into the code that comprises the programs and easily revise them.”
VideoLAN posted to its Twitter feed the day after Bing declared the site “suspicious”: “Supposedly, @bing now considers vlc-3.0.4-win64.exe as a malware, which gives an annoying popup. This appeared 2 days ago, and we have no clue how to fix it (yet). We’ve checked, and the binary has not changed and is still correctly signed…”
The VLC media player has had its share of bugs and hacks, including a remote code execution proof-of-concept attack found in May 2017 that impacted VLC and other popular players such as Kodi, Stremio and Popcorn Time.
According to download repository SourceForge.net, as of 2016, the VLC media player is the site’s third most popular download with more than 2 billion downloads.