The Register® — Biting the hand that feeds IT

Feeds

McAfee spies malware in legit JavaScript apps

More anti-virus false alarm madness

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

A dodgy anti-virus update from McAfee on Wednesday wrongly identified legitimate JavaScript files as a virus in the second such screw-up by a major security vendor in less than a week.

As a result of the snafu McAfee users who applied the update were falsely warned that their systems were infected by the Exploit-BO JavaScript virus after visiting sites including ESPN and Friendster, the SANS Institute's Internet Storm Centre warns.

The dodgy update is DAT 5197 released on January 2. McAfee pulled the update and issued a replacement signature update (DAT 5198) shortly afterwards.

Faulty anti-virus signature updates are not uncommon across the industry. Spookily rival vendor CA experienced exactly the same type of problem, again involving legitimate JavaScript files been falsely identified as viruses only on Monday. This suggests a general difficulty in tuning heuristic (generic) detection of anti-signature tools to recognise the difference between legitimate JavaScript apps and malware. ®

Agentless Backup is Not a Myth

Latest Comments

SCREAMING SCRIPT

javaSCRIPT is unrelated to java and never gets into the (cat-turded) sandbox.

0
0
Anonymous Coward

No such thing as heuristic detection

and they copy each others signatures.

0
0

Sandbox...

Is not always effective. Do you know just how much software they'd need to test? Many different versions of Java, Flash, etc. -- and that's just counting the "popular" software.

0
0

More from The Register

 breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
 breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
Internet fraud still stings suckers
Australians twice as gullible as Americans
 breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
 breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
 breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?