Microsoft's Security Update IDs Google as Malicious Web Page

Microsoft's February Security Update included an antivirus and security software "fix" that told users that Google was infected with the Blackhole Exploit Kit.

A few hours after complaints began pouring in, Microsoft corrected the problem. A post on its Malware Protection Center site states: "On February 14, 2012, an incorrect detection for Exploit:JS/Blacole.BW was introduced," and notes that the company issued an update to take care of the problem.

Microsoft recommended that users download the most recent versions of the updates (signature versions 1.119.1988.0 and higher, for those keeping score).

The false positive affected users of Microsoft's Forefront corporate security software and Security Essentials scanner software.

Reports of something amiss quickly began to surface on sites such as the SANS Institute's Internet Storm Center and Microsoft's TechNet forum. Posters to TechNet said the warning about Google began showing up about five minutes after users installed the updates. Most users posting comments to the site suspected it was a false positive.

The Blackhole Exploit Kit, which first appeared in August 2010, is crimeware developed in Russia that usually targets Windows operating systems and applications, looking to exploit common security flaws.

Blackhole was used to infect the U.S. Postal Service's Rapid Information Bulletin Board System website in April 2011 and, most recently, to hack into Cryptome, a WikiLeaks-style site that publishes leaked files and intelligence documents, eWeek reported.

In the Cryptome attack, which occurred Feb. 8, almost all of the 6,000 pages in the site's main directory and 5,000 files in subdirectories were infected with a malicious PHP script that redirected users to a third-party website, eWeek reported.

Microsoft rates the alert level for Blackhole as "severe," but visitors to Google who got the warning needn't be concerned, even if they were a bit annoyed.

Security writer Brian Krebs, who was among the first to report the snafu, points out that false positives happen to every antivirus vendor and "this one was fairly innocuous as these things go."

After all, it didn't do any damage, Google's home page wasn't infected, most users suspected right off the bat that it was a false positive, and Microsoft quickly addressed the problem.

But it's notable because it just happened to flag the most visited Web page in the world. It might also be notable that Microsoft and Google are fairly fierce rivals, but whether the false positive on Google was a coincidence or whether someone was having a little fun with a competitor may never be publicly known.

