McAfee spies malware in legit JavaScript apps
More anti-virus false alarm madness
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
A dodgy anti-virus update from McAfee on Wednesday wrongly identified legitimate JavaScript files as a virus in the second such screw-up by a major security vendor in less than a week.
As a result of the snafu McAfee users who applied the update were falsely warned that their systems were infected by the Exploit-BO JavaScript virus after visiting sites including ESPN and Friendster, the SANS Institute's Internet Storm Centre warns.
The dodgy update is DAT 5197 released on January 2. McAfee pulled the update and issued a replacement signature update (DAT 5198) shortly afterwards.
Faulty anti-virus signature updates are not uncommon across the industry. Spookily rival vendor CA experienced exactly the same type of problem, again involving legitimate JavaScript files been falsely identified as viruses only on Monday. This suggests a general difficulty in tuning heuristic (generic) detection of anti-signature tools to recognise the difference between legitimate JavaScript apps and malware. ®
COMMENTS
SCREAMING SCRIPT
javaSCRIPT is unrelated to java and never gets into the (cat-turded) sandbox.
No such thing as heuristic detection
and they copy each others signatures.
Sandbox...
Is not always effective. Do you know just how much software they'd need to test? Many different versions of Java, Flash, etc. -- and that's just counting the "popular" software.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
