Microsoft briefly tagged Google.com as malware site

One of the biggest web sites in the world was briefly identified by two Microsoft security software products as being infected with malware. ZDNet UK reports that on Tuesday the programs, Microsoft Forefront and Microsoft Security Essentials, got an update that mistakenly tagged Google.com as being infected with the Blackhole exploit kit.

Because of the erroneous update, users of those software programs around the world posted word on Microsoft support forums that the applications were not allowing them to access Google.com. Within a few hours, another update was sent out to both programs. In a post on the SANS Institute web site, the security group said, "As of 20:11 GMT-5 Feb 14 2012, we received confirmation from Microsoft stating that this problem is a false positive and will be corrected in the update 1.119.1986.0 or higher for the antivirus."

The Blackhole exploit kit was first discovered back in 2010. Developed by Russian hackers, the exploit kit can infect web sites and then transmit malware to the hard drives of PC users who visit the corrupted sites. It's currently unknown why the two Microsoft security programs would have flagged Google.com as having Blackhole installed. So far Microsoft has yet to comment on the issue.


24 Comments


Ah so that's what it was. I was surprised when I saw MSE popup yesterday. Indeed the source file was Google. I just cleaned up and thought nothing more of it.

in other news google engineers are scrambling to identify a bug in their google search engine results that has totally removed any results from all microsoft.com domains.

dvb2000 said,
in other news google engineers are scrambling to identify a bug in their google search engine results that has totally removed any results from all microsoft.com domains.

That would be fun..

MSE once thought chrome as virus... now this?? MS is doing a terrible job in identifying malware and virus... although i like MSE and i use it every day.

still1 said,
MSE once thought chrome as virus... now this?? MS is doing a terrible job in identifying malware and virus... although i like MSE and i use it every day.

if i remember correctly mse tagged the chrome updater as a malware and was not so wrong about doing so concerning the behavior of the sw... it's not about the name or the functionality of the program, it's what they do - okay false alarm, but better safe than sorry

Morden said,

if i remember correctly mse tagged the chrome updater as a malware and was not so wrong about doing so concerning the behavior of the sw... it's not about the name or the functionality of the program, it's what they do - okay false alarm, but better safe than sorry


Microsoft windows updates do the same too??? so u would say its a malware???
Haters gonna get some excuse to make anything right...
and what the excuse for tagging google.com as malware???? because they offer you search results?

still1 said,

Microsoft windows updates do the same too??? so u would say its a malware???
Haters gonna get some excuse to make anything right...
and what the excuse for tagging google.com as malware???? because they offer you search results?

Guess what, as you said, haters gonna hate. All programs and most advanced algorithms have bugs. Live with it.

still1 said,

Microsoft windows updates do the same too??? so u would say its a malware???
Haters gonna get some excuse to make anything right...
and what the excuse for tagging google.com as malware???? because they offer you search results?

You really need to educate yourself and know the differences and complexities in software and websites rather than just the end result of what the product provides from a consumer perspective.

Fred 69 said,

You really need to educate yourself and know the differences and complexities in software and websites rather than just the end result of what the product provides from a consumer perspective.

So educate us

still1 said,

Microsoft windows updates do the same too??? so u would say its a malware???
Haters gonna get some excuse to make anything right...
and what the excuse for tagging google.com as malware???? because they offer you search results?

Windows Update is an OS service that is a part of explorer while Chrome updater is a user program.
The reason for the false positive for google.com is in the news article that is posted.

Doli said,

Windows Update is an OS service that is a part of explorer while Chrome updater is a user program.
The reason for the false positive for google.com is in the news article that is posted.


updater is part of google chrome too... so u cant classify as malware... read the actual post i was replying to... i was just making a point that not all intented software can be called malware.

still1 said,

updater is part of google chrome too... so u cant classify as malware... read the actual post i was replying to... i was just making a point that not all intented software can be called malware.

please understand: an antivirus does not give a **** about the sw's name, it monitors its activity
google chrome's updater classified as malware due to its actual activity on your computer (as a keygen or cracker is often "mistakenly" classified as malware due to its ability to modify files)

why is that firefox was never mistaken for a malware? chrome's updater does not even uninstall when told to... if you ask me the whole crap IS a malware

It's currently unknown why the two Microsoft security programs would have flagged Google.com as having Blackhole installed. So far Microsoft has yet to comment on the issue.

I don't know how MSE's network inspection service works, but it probably has something to do with their heuristic algorithms, and nothing deliberate. And to be honest, while I love Google, they keep throwing in more and more on-the-fly JS/AJAX stuff behind the scenes...

Which is exactly what the program is meant to prevent - stuff happening without your knowledge or consent. Obviously it's not an issue, but you can probably see how some algorithms (which are based off of patterns) may have flagged a new change, or how a modification to another one may have created a new false positive.

I know Microsoft thinks most links are suspicious (http://www.neowin.net/news/mic...-14-downloads-are-malicious), but we've seen more interesting things happen in a similar manner from other companies (http://www.neowin.net/news/wor...cted-as-malware-by-symantec).