[+] Wayc0de's Blog[+]

02/10/11

Faulty Microsoft AV update nukes Chrome browser

Summary: Microsoft has confirmed that its security tools erroneously removed the Google Chrome browser from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.


UPDATE: Microsoft has confirmed that this was caused by a faulty anti-virus definition update that affected about 3,000 Windows users.

Here’s Microsoft’s statement:

“On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers’ PCs. We have already fixed the issue — we released an updated signature (1.113.672.0) at 9:57 am PDT — but approximately 3,000 customers were impacted.”

A Microsoft spokesperson says affected users should manually update Microsoft Security Essentials (MSE) with the latest signatures. 

“To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers,” the spokesperson said.

ORIGINAL REPORT:

There are numerous reports circulating that the Microsoft Security Essentials anti-malware utility is flagging Google’s Chrome browser as a password-stealing trojan.

In what appears to be a crucial false positive, Microsoft’s security tools are removing Chrome from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.

Complaints from Chrome users are lighting up support forums this morning:

I have been using Chrome on my office PC for over a year.  This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed.  I clicked the Details button and saw that it was “PWS:Win32/Zbot”.  I clicked the Remove button and restarted my PC.  Now I do not have Chrome.  It has been removed or uninstalled.  The Chrome.exe file is gone.  Was there really a problem, or is this just a way for Microsoft to stick it to Google?  If I reinstall Chrome, will it have my bookmarks and other settings?  Not sure what to do about this, but I much prefer Chrome to Explorer.

And another:


I just tried to reinstall Chrome, and Windows Security stopped it.  Again citing a “severe” threat, “PWS:Win32/Zbot”.  What is going on here?

This Chrome user narrows down the problem:

I have the issue as well. Microsoft Security Essentials is removing it.
MSE Versions:

Security Essentials Version: 2.1.1116.0
Antimalware Client Version: 3.0.8402.0
Engine Version: 1.1.7702.0
Antivirus definition: 1.113.656.0
Antispyware definition: 1.113.656.0

In addition to Microsoft Security Essentials, the Microsoft Forefront Endpoint Protection product is also detecting and removing Google Chrome as a malware threat.  Both products share the same anti-malware engine.
