Microsoft security update flags Google.com for malware

Summary: The company has fixed updates to its Forefront and Security Essentials security software that falsely identified Google's home page as serving the Blackhole exploit kit

Microsoft has rectified updates to its business and consumer security software that flagged Google's home page as being infected with malware.

Updates to Microsoft Forefront and Microsoft Security Essentials on Tuesday listed Google as being infected with the Blackhole exploit kit, according to user forums.

"My malware inspection updated to 1.119.1972.0 and within 5 minutes started blocking www.google.com because of JS/Blacole.BW," said one user on the Microsoft Forefront forum. "I'm almost sure this is a false positive."

Users in countries including the US, Middle East, Australia, New Zealand and Denmark reported that Forefront was blocking access to Google.

Security organisation Sans Institute said that Microsoft fixed the issue on Tuesday in Forefront update 1.119.1986.0 and higher. "As of 20:11 GMT-5 Feb 14 2012, we received confirmation from Microsoft stating that this problem is a false positive and will be corrected in the update 1.119.1986.0 or higher for the antivirus," said Sans incident handler Manuel Humberto Santander Peláez in a blog post.

Microsoft fixed the issue in Forefront in around four hours, according to forum posts.

The company also rectified the false positive in Security Essentials on Tuesday, according to forum posts.

"MS has released updated definitions. I see def. version 1.119.1988.0 on my machine — and Google is no longer detected as a virus," said user RonDeL71.

Security company Kaspersky described the Blackhole exploit kit as being "like a Swiss Army knives [sic] for launching web based attacks from compromised web pages" in a blog post on 8 February. The kit attempts various exploits against computers visiting infected websites, in order to upload malware. According to a report published by M86 Security Labs, the exploit kit accounts for 95 percent of malicious URLs seen by the company.

Microsoft had not issued a statement at the time of writing.



Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
