Microsoft false positive flags Google as hosting Blackhole Exploit Kit
Microsoft suffered a false positive problem last night when Google was flagged as malicious.
Shortly after Microsoft released its February Patch Tuesday bulletins, Google.com was flagged as malicious, apparently due to a faulty security update shipped by Microsoft.
Microsoft's TechNet support forums lit up on the subject, with one user commenting that their malware inspection had been updated to 1.119.1972.0 and had begun blocking Google.com because of JS/Blacole.BW.
In a response to another forum member, Microsoft Support said: “Thanks for reporting this issue. We have received several similar reports from different channels. Currently I'm working with our AV team to investigate the issue. Will keep you updated for any progress.”
According to security blogger Brian Krebs, the alerts appeared to be the result of a false positive detection shipped to users of Microsoft's anti-virus and security products, most notably its Forefront technology and free Security Essentials anti-virus software.
He said that following a reboot, Internet Explorer claimed Google.com was serving up a severe threat and that Google's homepage was infected with a Blackhole Exploit Kit.
Krebs said: “I could be wrong, but it doesn't appear that Google is in fact infected or serving up exploits. Fortunately, clicking the default ‘remove’ action prompted by Microsoft's anti-virus technology did virtually nothing that I could tell; the program reported that it was unable to find the threat (psst, Microsoft…that's because there isn't one).
“False positives happen to every anti-virus vendor and this one was fairly innocuous as these things go: it's not like it deleted or quarantined essential operating system files [as BitDefender dealt with in 2010], rendering host computers useless, as faulty updates from other vendors have in the past. But Microsoft is probably smarting from this episode.”