Botched Malwarebytes Security Update Cripples Thousands of Computers
April 18, 2013 10:59 AM
comment(s) - last by
Malware software targeted legitimate Windows files
Security vendor Malwarebytes has crippled thousands of computers around the world after a faulty update was applied to its software. The faulty security update applied to the software marked legitimate system files as malware code.
The company admitted to the problem on its
official blog earlier this week
and has since pulled the faulty update.
"At around 3PM PST yesterday [Tuesday] Malwarebytes released a definitions update that disabled thousands of computers worldwide," wrote Malwarebytes’ Marcin Kleczynski.
"Within eight minutes, the update was pulled from our servers. Immediately thereafter, users flocked to our support helpdesk and forums to ask us for a fix."
The specific operating system files that the malware update targeted included Windows.dll and.exe files. By targeting those files, the security application prevented them from running, taking IT systems and individual computers off-line.
One company that uses a software claims that the update knocked 80% of its servers off-line. Malwarebytes maintains that it has begun reworking its update policy to ensure the sort of mistake never happens again.
"We acted over-zealously in that mission and realise far superior procedures around updating are needed. More was expected of us, and we failed," wrote Kleczynski.
"We are commissioning several new resources to stop this from happening again. We are building more redundancy to check our researchers' work and improving our peer review."
This article is over a month old, voting and posting comments is disabled
RE: Effective but risky ...
4/19/2013 4:40:48 AM
Good advice. The problem here was that users were not even running scans, yet DLLs and EXEs were getting hosed. At my office, we have the Enterprise Edition with real-time protection, and the affected PCs appeared to be compromised by malware, when it was in fact MBAM. Applications would freeze or were unable to launch. The main security suite was inoperable. So naturally, I tried to scan with MBAM and lo and behold, 2000+ "infected" files on one PC, all with the same Trojan. WTF? So I took a closer look and saw all the system files and even MBAM core files. Obviously something was fishy, so, I canceled out, hit up the web and found the support threads showing the problem. But in a way, it was a self-fulfilling prophecy. In our case at least, the program broke the system in a manner that just screamed "malware", so I can see how people could ran headfirst into more trouble, and blindly trust that the anti-malware software knew what it was doing.
Luckily, the company's fix tool worked on most users (those who couldn't even run System Restore) and de-quarantined the affected files, but some required repair installs of Windows. No idea if we'll bother renewing our licenses next year. Kinda sad, considering it's been so good thus far.
"We are going to continue to work with them to make sure they understand the reality of the Internet. A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis
Google's Gleaming Glass HQ Gets Mountain View Snub, LinkedIn Gets the Love
May 7, 2015, 6:58 AM
Tech's Tax Day Fortunate Few: Qualcomm, Xerox, GE, et al. Pay Little or No Taxes
April 15, 2015, 11:30 AM
LinkNYC Terminals to Blanket New York City With Free WiFi, Free Calls, and Ads
November 17, 2014, 6:50 PM
Microsoft is Open-Sourcing Most of .NET, Adding OS X and Linux Support
November 12, 2014, 8:27 PM
Home Depot Lost 53 Million Emails, Blames Windows, Buys Execs New Macs
November 9, 2014, 5:00 PM
Former NSA Lawyer: If Google, Apple Encrypt User Data, They’ll Wither on the Vine Like Blackberry
November 6, 2014, 12:15 PM
Most Popular Articles
Why the U.S. Won't be Able to Ban Google's New Huawei Marshmallow Flagship Phone
October 3, 2015, 5:27 PM
Microsoft Band 2 Stays Focused on Fitness, Debuts Oct. 30, Priced at $249
October 6, 2015, 9:16 PM
Apple's First Fixes to iOS 9 Land w/ iOS 9.0.1 Release
September 23, 2015, 6:11 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Apple Watch Commands 2 in 3 Smart Watch Sales, WatchOS 2 Sweetens the Pitch
September 20, 2015, 6:07 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information