Microsoft security update flags Google.com for malware

Microsoft security update flags Google.com for malware

Summary: The company has fixed updates to its Forefront and Security Essentials security software that falsely identified Google's home page as serving the Blackhole exploit kit

SHARE:
TOPICS: Security
0

Microsoft has rectified updates to its business and consumer security software that flagged Google's home page as being infected with malware.

Updates to Microsoft Forefront and Microsoft Security Essentials on Tuesday listed Google as being infected with the Blackhole exploit kit, according to user forums.

"My malware inspection updated to 1.119.1972.0 and within 5 minutes started blocking www.google.com because of JS/Blacole.BW," said one user on the Microsoft Forefront forum. "I'm almost sure this is a false positive."

Users in countries including the US, Middle East, Australia, New Zealand and Denmark reported that Forefront was blocking access to Google.

Security organisation Sans Institute said that Microsoft fixed the issue on Tuesday in Forefront update 1.119.1986.0 and higher. "As of 20:11 GMT-5 Feb 14 2012, we received confirmation from Microsoft stating that this problem is a false positive and will be corrected in the update 1.119.1986.0 or higher for the antivirus," said Sans incident handler Manuel Humberto Santander Peláez in a blog post.

Microsoft fixed the issue in Forefront in around four hours, according to forum posts.

The company also rectified the false positive in Security Essentials on Tuesday according to forum posts.

"MS has released updated definitions. I see def. version 1.119.1988.0 on my machine — and Google is no longer detected as a virus," said user RonDeL71.

Security company Kaspersky described the Blackhole exploit kit as being "like a Swiss Army knives [sic] for launching web based attacks from compromised web pages" in a blog post on 8 February. The kit attempts various exploits against computers visiting infected websites, in order to upload malware. According to a report published by M86 Security Labs, the exploit kit accounts for 95 percent of malicious URLs seen by the company.

Microsoft had not issued a statement at the time of writing.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion