Error in McAfee virus definition causes popular sites to be flagged as a threat

An erroneous McAfee update definition file causes the antivirus software to mistakenly report that certain sites are running malicious code when they are not.

It caused a stir over at Ars Technica, where readers wrote in en masse about their antivirus software setting off an alert upon visiting the popular tech destination. It led site owner Ken Fisher to suspect that his site had been hacked. Thankfully, it had not.

Excerpt from Ars Technica:

Within an hour, many of the same people who originally wrote us were now telling us that they were having problems on Verizon Wireless' Web site, ESPN.com, Friendster, and several other sites. Either a major hack attack was underway (unlikely), or some flawed antivirus definitions just got distributed to a whole bunch of people.

The identified "threat" is JS/Exploit-BO, a relatively minor exploit:

JS/Exploit-BO provides generic detection of obfuscation techniques used by Javascript exploits to hide their malicious payload. In some circumstances these obfuscation techniques may be used by licit Web sites.

A reader who works at McAfee has written in to Ars to tell them that the problem was McAfee's.

If you are affected, an update that is supposed to fix the problem has now been posted.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.