Brown pants moment for BlueJeans: Dozens of AV tools scream its vid chat code is malware
How it all happened (clue: unsigned library loaded)
Programmers at videoconferencing software house BlueJeans have been living through a developer's nightmare the past month or so – antivirus packages falsely labeling their code as malware.
A Register reader, who works in corporate IT administration, tipped us off over the weekend that the software had triggered virus alerts on a number of systems they administer running anti-malware scanners. After submitting the program to VirusTotal, the admin found that 27 security toolkits, including Trend Micro, McAfee, and Avast, were wrongly flagging the application as a malicious nasty.
"My company has independently verified their Windows application version 2.5.660 is indeed being flagged and quarantined by antivirus systems beginning in the last few days," the tipster wrote.
"This is not the newest version of the software, but it was the active version in June, and undoubtedly was running on the desktops of most BlueJeans customers for at least a few weeks."
Fortunately, this wasn't a case of the software being compromised or loaded with malware. The Register was told by BlueJeans CTO Alagu Periyannan that the antivirus alarms were the result of a cryptographically unsigned library that has since been replaced.
"The entire executable is signed by BlueJeans. However, one of the libraries of the app was not signed," Periyannan said. "We have signed that one library and now the virus scanners no longer generate a false positive."
The false positive was confirmed by Trend Micro, who told El Reg via a spokesperson that it would look to prevent similar errors from happening again.
"Upon analysis, it appears our automation triggered the initial detection based on some existing rules, and upon further review we found it to be non-malicious," Trend says.
"We are working to refine the rules to account for this type of file in the future."
In this case, fixing the problem is as simple as updating the BlueJeans software, and many customers should already have the fix, as it was automatically kicked out in June. Anyone still experiencing false positives should be sure they have version 2.6 of the BlueJeans application.
Our tipster has also been able to get the affected user machines fixed, but while the problem has been solved, they are not particularly thrilled with how the issue was handled.
"Maybe it’s just me," the admin said, "but when a vendor silently replaces a version that appears to be malware infected with a different copy that is clean, without informing customers, who downloaded the former, it does not seem like the vendor is being forthcoming about what is going on." ®